misc: do not send logout requests if SingleLogout profile is not supported (#71041)
This commit is contained in:
parent
45c987584c
commit
750f869e5f
|
@ -68,7 +68,7 @@ def create_metadata(request):
|
|||
return render_to_string('mellon/metadata.xml', ctx)
|
||||
|
||||
|
||||
def create_server(request):
|
||||
def create_server(request, remote_provider_id=None):
|
||||
root = request.build_absolute_uri('/')
|
||||
cache = getattr(settings, '_MELLON_SERVER_CACHE', {})
|
||||
if root not in cache:
|
||||
|
@ -109,11 +109,15 @@ def create_server(request):
|
|||
key = key[0]
|
||||
server.setEncryptionPrivateKeyWithPassword(key, password)
|
||||
for idp in get_idps():
|
||||
if remote_provider_id and idp.get('ENTITY_ID') != remote_provider_id:
|
||||
continue
|
||||
if idp and idp.get('METADATA'):
|
||||
try:
|
||||
server.addProviderFromBuffer(lasso.PROVIDER_ROLE_IDP, idp['METADATA'])
|
||||
except lasso.Error as e:
|
||||
logger.error('bad metadata in idp %s, %s', idp['ENTITY_ID'], e)
|
||||
if not server.providers and remote_provider_id:
|
||||
logger.warning('mellon: create_server, no provider found for issuer %r', remote_provider_id)
|
||||
cache[root] = server
|
||||
settings._MELLON_SERVER_CACHE = cache
|
||||
return cache.get(root)
|
||||
|
@ -344,3 +348,12 @@ def get_local_path(request, url):
|
|||
if request.META.get('SCRIPT_NAME'):
|
||||
path = path[len(request.META['SCRIPT_NAME']) :]
|
||||
return path
|
||||
|
||||
|
||||
def is_slo_supported(request, issuer):
|
||||
server = create_server(request, remote_provider_id=issuer)
|
||||
# verify that at least one logout method is supported
|
||||
return (
|
||||
server.getFirstHttpMethod(server.providers[issuer], lasso.MD_PROTOCOL_TYPE_SINGLE_LOGOUT)
|
||||
!= lasso.HTTP_METHOD_NONE
|
||||
)
|
||||
|
|
|
@ -748,7 +748,7 @@ class LogoutView(ProfileMixin, LogMixin, View):
|
|||
logout = None
|
||||
try:
|
||||
issuer = request.session.get('mellon_session', {}).get('issuer')
|
||||
if issuer:
|
||||
if issuer and utils.is_slo_supported(request, issuer=issuer):
|
||||
self.profile = logout = utils.create_logout(request)
|
||||
self.get_relay_state(create=True)
|
||||
try:
|
||||
|
@ -851,6 +851,9 @@ class LogoutView(ProfileMixin, LogMixin, View):
|
|||
issuer = request.session.get('mellon_session', {}).get('issuer')
|
||||
if not issuer:
|
||||
return None
|
||||
# verify that at least one binding the logout profile is supported
|
||||
if not utils.is_slo_supported(request, issuer=issuer):
|
||||
return None
|
||||
session_indexes = models.SessionIndex.objects.filter(
|
||||
saml_identifier__user=request.user, saml_identifier__issuer__entity_id=issuer
|
||||
).order_by('-id')
|
||||
|
|
Loading…
Reference in New Issue