From 6fc7839442e4fb55b976caec0862701b31158d85 Mon Sep 17 00:00:00 2001 From: bdauvergne Date: Mon, 28 Sep 2009 13:25:27 +0000 Subject: Upse singleLogout by redirect with sessionIndex usage * larpe/saml2.ptl: use sessionIndex to find a session when logout by redirect does not give the right session. git-svn-id: svn+ssh://labs.libre-entreprise.org/svnroot/larpe@479 3ed937ae-f919-0410-9a43-8e6f19e4ba6e diff --git a/larpe/trunk/larpe/saml2.ptl b/larpe/trunk/larpe/saml2.ptl index b0aefc2..a498fc9 100644 --- a/larpe/trunk/larpe/saml2.ptl +++ b/larpe/trunk/larpe/saml2.ptl @@ -338,14 +338,20 @@ class Saml2(Saml2Directory): # its browser configured so that cookies are not sent for # remote queries and IdP is using image-based SLO. # so we look up a session with the appropriate name identifier - name_identifier = logout.nameIdentifier.content + # find a matching for session in get_session_manager().values(): - # This block differs from qommon - user = session.get_user(logout.server.providerId) - if user and logout.nameIdentifier.content in user.name_identifiers: + session_index = session.lasso_session_indexes.get(providerId) + name_identifier = session.lasso_session_name_identifiers.get(providerId) + request_name_identifier = logout.nameIdentifier.content + request_session_index = logout.request.sessionIndex + if request_name_identifier == name_identifier and \ + (not session_index or request_session_index == session_index): + get_logger().info('SLO/SOAP from %s' % logout.remoteProviderId) break else: - session = get_session() + # no session, build straight failure answer + logout.buildResponseMsg() + return logout.msgBody return self.slo_idp(logout, session) -- cgit v0.10.2