[Koha-bugs] [Bug 20854] New: Redirect after logout with CAS 3.0 broken
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Jun 1 13:33:55 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20854
Bug ID: 20854
Summary: Redirect after logout with CAS 3.0 broken
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs at lists.koha-community.org
Reporter: katrin.fischer at bsz-bw.de
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org
There has been a change in the parameters for the logout request between CAS
2.0 und CAS 3.0:
Redirect URL parameter
CAS 2.0: url
CAS 3.0: service
The CAS module used by Koha officially only support CAS 2.0, so when you logout
from a CAS 3.0 server now, the redirect to Koha will be broken.
See here:
https://github.com/apereo/cas/blob/master/docs/cas-server-documentation/protocol/CAS-Protocol-Specification.md
Note: The url parameter defined in the former CAS 2.0 specification is not a
valid parameter in CAS 3.0 anymore. CAS Servers MUST ignore given url
parameters. A CAS client MAY provide the service parameter as described above,
as this ensures the parameter is validated against the registered service URLs
when operating in non-open mode. See 2.3.2 for details.
We are using the following 'hack' to make the redirect work correctly:
C4/Auth_with_cas.pm
$uri =~ s/\?logout\.x=1//; # We don't want to keep triggering a logout, if we
got here, the borrower is already logged out of Koha
- print $query->redirect( $cas->logout_url(url => $uri));
+ my $logout_url = $cas->logout_url(url => $uri);
+ $logout_url =~ s/url/service/;
+ print $query->redirect( $logout_url );
We won't have time to fix this properly, but wanted to document problem and
workaround at least.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list