Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-26257

Shibboleth plugin overrides logout redirect url even user did not log in through Shibboleth

          Details

          • Type: Bug
          • Status: Closed
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: 1.9.13, 2.0.4, 2.1.1, 2.2
          • Fix Version/s: 1.9.14, 2.0.5, 2.1.2
          • Component/s: Authentication
          • Labels:
            None
          • Testing Instructions:
            Hide

            This requires a Moodle installation with Shibboleth authentication set up, and Shibboleth log out page handler configured.

            • Create two user accounts, "A" and "B".
            • Set authentication to Manual for "A", to Shibboleth for "B".
            • Log in as "A" and log out again.

            VERIFY: Shibboleth log out page is not shown.

            • Log in as "B" and log out again.

            VERIFY: Shibboleth log out page is being shown.

            Show
            This requires a Moodle installation with Shibboleth authentication set up, and Shibboleth log out page handler configured. Create two user accounts, "A" and "B". Set authentication to Manual for "A", to Shibboleth for "B". Log in as "A" and log out again. VERIFY: Shibboleth log out page is not shown. Log in as "B" and log out again. VERIFY: Shibboleth log out page is being shown.
          • Difficulty:
            Easy
          • Affected Branches:
            MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
          • Fixed Branches:
            MOODLE_19_STABLE, MOODLE_20_STABLE, MOODLE_21_STABLE
          • Pull from Repository:
          • Pull Master Branch:
          • Pull Master Diff URL:

            Description

            When I have both manual accounts and Shibboleth authentication enabled, if I log in through a manual account in Moodle and then log out, I got redirected to the Shibboleth logout page. I only want to be redirected to this url when I logged in through Shibboleth, which will completely log me out of my idp. But if I log in from a manual account, I want to be redirected to the default logout page when logout.

            I guess one way to fix this is to change logoutpage_hook() in "auth/shibboleth/auth.php" to check for $USER->auth. Only override the global variable $redirect when $USER->auth == "shibboleth".

            Hope this will make it to the core soon. Thanks!

              Gliffy Diagrams

                Attachments

                  Issue Links

                  has been marked as being related by

                  Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-29386 Can't login via Shibboleth while $CFG->authpreventaccountcreation is on

                  • Critical - Crashes server, loss of data, severe memory leak
                  • Closed

                  Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-29385 Notices within the Shibboleth plugin

                  • Minor - Minor loss of function where workaround is possible
                  • Closed

                    Activity

                      People

                      • Votes:
                        7 Vote for this issue
                        Watchers:
                        4 Start watching this issue

                        Dates

                        • Created:
                          Updated:
                          Resolved:
                          Fix Release Date:
                          10/Oct/11