  1. Moodle
  2. MDL-50884

Bad interpretation of querystring in logout_handler of shibboleth authentication

    Details

    • Testing Instructions:
      1. Enable the Shibboleth authentication method and go to settings.
      2. In the settings page fill the fields:
        • Shibboleth Service Provider logout handler URL - (/Shibboleth.sso?Logout)
        • Alternative logout return URL - (Any)
      3. Establish a connection between your integration and Shibboleth.
      4. Log in and log out, and make sure the logout URL is generated correctly.

      I've created a simple script (test_shibboleth.php) to sanity check my change; you can simply save it in the Moodle root folder and run it, making sure the URLs are generated correctly.

      Show
      Enable shibboleth authentication method and go to settings. In the settings page fill the fields: Shibboleth Service Provider logout handler URL - (/Shibboleth.sso?Logout) Alternative logout return URL - (Any) Establish a connection between your integration and the shibboleth. Login and logout, make sure the logout url is generated correctly. I've created a simple script(test_shibboleth.php) to do a sanity check my change, you can simply save on the moodle root folder and run making sure the urls are generated correctly.
    • Affected Branches:
      MOODLE_26_STABLE, MOODLE_28_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE, MOODLE_29_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-50884-master

      Description

      In the configuration of Shibboleth, if you set the parameter "logout_handler" to a URL that has a query string (a string with "?" inside), the logout URL of the application will not be a valid URL.
      This is the solution we have used:

      diff --git a/auth/shibboleth/auth.php b/auth/shibboleth/auth.php
      index ddfe96f..6b6eff9 100644
      --- a/auth/shibboleth/auth.php
      +++ b/auth/shibboleth/auth.php
      @@ -210,8 +210,15 @@ class auth_plugin_shibboleth extends auth_plugin_base {
                   }
       
                   // Overwrite redirect in order to send user to Shibboleth logout page and let him return back
      -            $redirect = $this->config->logout_handler.'?return='.urlencode($temp_redirect);
      -        }
      +           //$redirect = $this->config->logout_handler.'?return='.urlencode($temp_redirect);
      +           $findme='?';
      +           if(strpos($this->config->logout_handler,$findme)){
      +               $redirect = $this->config->logout_handler.'&return='.urlencode($temp_redirect);
      +               }
      +               else {
      +                 $redirect = $this->config->logout_handler.'?return='.urlencode($temp_redirect);
      +                }
      +        }  
           }
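Review bot: The new `if(strpos($this->config->logout_handler,$findme))` test uses the return value of strpos() as a boolean, so a match at offset 0 is treated the same as no match; compare explicitly with `strpos($this->config->logout_handler, '?') !== false`. The single-use `$findme` variable can be inlined, the commented-out `//$redirect = ...` line should be deleted rather than kept, and the added lines should be re-indented to match the 12-space block around them. Plain concatenation also appends `return=` after any `#fragment` present in the configured handler; building the URL with moodle_url and adding `return` as a parameter would choose the separator and handle the fragment without a hand-written branch.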
      

              People

              Assignee:
              lameze Simey Lameze
              Reporter:
              bonimat Matteo Boni
              Peer reviewer:
              Simey Lameze
              Integrator:
              David Monllaó
              Tester:
              Rajesh Taneja
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                9/Nov/15