summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbdauvergne <bdauvergne@3ed937ae-f919-0410-9a43-8e6f19e4ba6e>2009-09-28 13:25:27 (GMT)
committerbdauvergne <bdauvergne@3ed937ae-f919-0410-9a43-8e6f19e4ba6e>2009-09-28 13:25:27 (GMT)
commit6fc7839442e4fb55b976caec0862701b31158d85 (patch)
treea8e62808e667259d96e61b8f5937f813fca55fb1
parentb54fb9e091d427b0f82e2d204439d48045652a7b (diff)
downloadlarpe-6fc7839442e4fb55b976caec0862701b31158d85.zip
larpe-6fc7839442e4fb55b976caec0862701b31158d85.tar.gz
larpe-6fc7839442e4fb55b976caec0862701b31158d85.tar.bz2
Upse singleLogout by redirect with sessionIndex usage
* larpe/saml2.ptl: use sessionIndex to find a session when logout by redirect does not give the right session. git-svn-id: svn+ssh://labs.libre-entreprise.org/svnroot/larpe@479 3ed937ae-f919-0410-9a43-8e6f19e4ba6e
-rw-r--r--larpe/trunk/larpe/saml2.ptl16
1 files changed, 11 insertions, 5 deletions
diff --git a/larpe/trunk/larpe/saml2.ptl b/larpe/trunk/larpe/saml2.ptl
index b0aefc2..a498fc9 100644
--- a/larpe/trunk/larpe/saml2.ptl
+++ b/larpe/trunk/larpe/saml2.ptl
@@ -338,14 +338,20 @@ class Saml2(Saml2Directory):
# its browser configured so that cookies are not sent for
# remote queries and IdP is using image-based SLO.
# so we look up a session with the appropriate name identifier
- name_identifier = logout.nameIdentifier.content
+ # find a matching
for session in get_session_manager().values():
- # This block differs from qommon
- user = session.get_user(logout.server.providerId)
- if user and logout.nameIdentifier.content in user.name_identifiers:
+ session_index = session.lasso_session_indexes.get(providerId)
+ name_identifier = session.lasso_session_name_identifiers.get(providerId)
+ request_name_identifier = logout.nameIdentifier.content
+ request_session_index = logout.request.sessionIndex
+ if request_name_identifier == name_identifier and \
+ (not session_index or request_session_index == session_index):
+ get_logger().info('SLO/SOAP from %s' % logout.remoteProviderId)
break
else:
- session = get_session()
+ # no session, build straight failure answer
+ logout.buildResponseMsg()
+ return logout.msgBody
return self.slo_idp(logout, session)