Handle the case of an IdP not handling SLO as a normal situation, not an internal error

2012-09-17 15:03:42 +02:00 · 2012-09-17 15:03:42 +02:00 · eca07e104b
parent a9d9687c45
commit eca07e104b
1 changed files with 14 additions and 8 deletions
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@ -808,7 +808,21 @@ static int am_init_logout_request(request_rec *r, LassoLogout *logout)
        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
                      "User attempted to initiate logout without being"
                      " loggged in.");
+    } else if (res == LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE && res == LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE) {
+        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "Current identity provider "
+                        "does not support single logout. Destroying local session only.");

+    } else if(res != 0) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                      "Unable to create logout request."
+                      " Lasso error: [%i] %s", res, lasso_strerror(res));
+
+        lasso_logout_destroy(logout);
+        return HTTP_INTERNAL_SERVER_ERROR;
+    }
+
+    /* Early non failing return. */
+    if (res != 0) {
        lasso_logout_destroy(logout);

        /* Check for bad characters in ReturnTo. */
@ -820,16 +834,8 @@ static int am_init_logout_request(request_rec *r, LassoLogout *logout)
        /* Redirect to the page the user should be sent to after logout. */
        apr_table_setn(r->headers_out, "Location", return_to);
        return HTTP_SEE_OTHER;
-    } else if(res != 0) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                      "Unable to create logout request."
-                      " Lasso error: [%i] %s", res, lasso_strerror(res));
-
-        lasso_logout_destroy(logout);
-        return HTTP_INTERNAL_SERVER_ERROR;
    }

-
    profile = LASSO_PROFILE(logout);

    /* We need to set the SessionIndex in the LogoutRequest to the SessionIndex