Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-26257

Shibboleth plugin overrides logout redirect url even user did not log in through Shibboleth

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.13, 2.0.4, 2.1.1, 2.2
    • Fix Version/s: 1.9.14, 2.0.5, 2.1.2
    • Component/s: Authentication
    • Labels:
      None
    • Testing Instructions:
      Hide

      This requires a Moodle installation with Shibboleth authentication set up, and Shibboleth log out page handler configured.

      • Create two user accounts, "A" and "B".
      • Set authentication to Manual for "A", to Shibboleth for "B".
      • Log in as "A" and log out again.

      VERIFY: Shibboleth log out page is not shown.

      • Log in as "B" and log out again.

      VERIFY: Shibboleth log out page is being shown.

      Show
      This requires a Moodle installation with Shibboleth authentication set up, and Shibboleth log out page handler configured. Create two user accounts, "A" and "B". Set authentication to Manual for "A", to Shibboleth for "B". Log in as "A" and log out again. VERIFY: Shibboleth log out page is not shown. Log in as "B" and log out again. VERIFY: Shibboleth log out page is being shown.
    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_21_STABLE
    • Pull from Repository:
    • Pull Master Branch:
    • Pull Master Diff URL:

      Description

      When I have both manual accounts and Shibboleth authentication enabled, if I log in through a manual account in Moodle and then log out, I got redirected to the Shibboleth logout page. I only want to be redirected to this url when I logged in through Shibboleth, which will completely log me out of my idp. But if I log in from a manual account, I want to be redirected to the default logout page when logout.

      I guess one way to fix this is to change logoutpage_hook() in "auth/shibboleth/auth.php" to check for $USER->auth. Only override the global variable $redirect when $USER->auth == "shibboleth".

      Hope this will make it to the core soon. Thanks!

        Attachments

          Issue Links

          has been marked as being related by

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-29386 Can't login via Shibboleth while $CFG->authpreventaccountcreation is on

          • Critical - Crashes server, loss of data, severe memory leak
          • Closed

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-29385 Notices within the Shibboleth plugin

          • Minor - Minor loss of function where workaround is possible
          • Closed

            Activity

              People

              • Votes:
                7 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  10/Oct/11