Update to support simplesaml session naming (#757)

SimpleSAMLphp uses its own session name to store its information. This fix makes it so that this actually works and keeps XDMoD working. Also I hate waiting 3 seconds, I changed it to that when initially doing this to make testing easier, this sets it back down so that we aren't just sitting to sit.
ubccr · Jan 21, 2019 · 71d3c53 · 71d3c53
1 parent 00c1791
commit 71d3c53
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 16 deletions.
diff --git a/classes/Authentication/SAML/XDSamlAuthentication.php b/classes/Authentication/SAML/XDSamlAuthentication.php
@@ -18,18 +18,18 @@ class XDSamlAuthentication
     protected $_as = null;
 
     /**
-     * Enumerated potential auth sources
+     * The selected auth source name (used for logout)
      *
-     * @var array
+     * @var string
      */
-    protected $_sources = null;
 
+    protected $authSourceName = null;
     /**
-     * Whether or not SAML is configured. Defaults to false.
+     * Enumerated potential auth sources
      *
-     * @var boolean
+     * @var array
      */
-    protected $_isConfigured = false;
+    protected $_sources = null;
 
     const BASE_ADMIN_EMAIL = <<<EML
 
@@ -70,8 +70,10 @@ public function __construct()
                 $authSource = null;
             }
             if (!is_null($authSource) && array_search($authSource, $this->_sources) !== false) {
+                $this->authSourceName = $authSource;
                 $this->_as = new \SimpleSAML\Auth\Simple($authSource);
             } else {
+                $this->authSourceName = $this->_sources[0];
                 $this->_as = new \SimpleSAML\Auth\Simple($this->_sources[0]);
             }
         }
@@ -84,10 +86,17 @@ public function __construct()
      */
     public function isSamlConfigured()
     {
-        $this->_isConfigured = count($this->_sources) > 0 ? true : false;
-        return $this->_isConfigured;
+        return !empty($this->_sources);
     }
 
+    /**
+     * Logs out of the saml session
+     */
+    public function logout(){
+        if ($this->isSamlConfigured()) {
+            \SimpleSAML_Session::getSessionFromRequest()->doLogout($this->authSourceName);
+        }
+    }
     /**
      * Attempts to find a valid XDMoD user associated with the attributes we receive from SAML
      *
@@ -97,7 +106,10 @@ public function isSamlConfigured()
     public function getXdmodAccount()
     {
         $samlAttrs = $this->_as->getAttributes();
-
+        /*
+         * SimpleSAMLphp uses its own session, this sets it back.
+         */
+        \SimpleSAML_Session::getSessionFromRequest()->cleanup();
         if ($this->_as->isAuthenticated()) {
             $userName = $samlAttrs['username'][0];
 

diff --git a/classes/XDSessionManager.php b/classes/XDSessionManager.php
@@ -133,6 +133,16 @@ public static function logoutUser($token = "")
         // authentication (via tokens) trip the first Exception as the
         // result of invoking resolveUserFromToken($token)
         session_destroy();
+
+        try {
+            $auth = new Authentication\SAML\XDSamlAuthentication();
+            $auth->logout();
+        } catch (InvalidArgumentException $ex) {
+          // This will catch when apache or nginx have been set up
+          // to to have an alternate saml configuration directory
+          // that does not exist, so we ignore it as saml isnt set
+          // up and we dont have to do anything with it
+        }
     }
 
     /**

diff --git a/docs/simpleSAMLphp.md b/docs/simpleSAMLphp.md
@@ -47,10 +47,8 @@ You will need to modify the `config.php` file and make sure you modify the `meta
   ),
   ...
 ```
-two other keys that might need to be set if you are having errors
+If you are having errors you might need to check the trusted domains setting
 ```php
-  ...
-  'session.phpsession.cookiename' => null,
   ...
   'trusted.url.domains' => array('f.q.dn.of.xdmod'),
   ...

diff --git a/html/gui/general/login.php b/html/gui/general/login.php
@@ -1,6 +1,6 @@
 <?php
 require_once __DIR__ . '/../../../configuration/linker.php';
-
+@session_start();
 $formal_name = isset($_REQUEST['xd_user_formal_name']) ? $_REQUEST['xd_user_formal_name'] :  "";
 $samlError = false;
 $auth = null;
@@ -9,7 +9,10 @@
 try {
     $auth = new Authentication\SAML\XDSamlAuthentication();
 } catch (InvalidArgumentException $ex) {
- // This will catch when a configuration directory does not exist if it is set in the environment level
+    // This will catch when apache or nginx have been set up
+    // to to have an alternate saml configuration directory
+    // that does not exist, so we ignore it as saml isnt set
+    // up and we dont have to do anything with it
 }
 try {
     if ($auth && $auth->isSamlConfigured()) {
@@ -50,7 +53,7 @@
     function loadPortal() {
       setTimeout(function(){
         parent.location.href = '/index.php' + document.location.hash;
-      }, 3000);
+      }, 1500);
     }
 
     function contactAdmin() {

diff --git a/open_xdmod/modules/xdmod/integration_tests/scripts/samlSetup.sh b/open_xdmod/modules/xdmod/integration_tests/scripts/samlSetup.sh
@@ -136,7 +136,6 @@ sed -i -- 's%#</Directory>%</Directory>%' /etc/httpd/conf.d/xdmod.conf
 
 cp "$VENDOR_DIR/simplesamlphp/simplesamlphp/config-templates/config.php" "$VENDOR_DIR/simplesamlphp/simplesamlphp/config/config.php"
 sed -i -- "s/'trusted.url.domains' => array(),/'trusted.url.domains' => array('localhost:8080'),/" "$VENDOR_DIR/simplesamlphp/simplesamlphp/config/config.php"
-sed -i -- "s/'session.phpsession.cookiename' => 'SimpleSAML',/'session.phpsession.cookiename' => null,/" "$VENDOR_DIR/simplesamlphp/simplesamlphp/config/config.php"
 
 cat > "$VENDOR_DIR/simplesamlphp/simplesamlphp/config/authsources.php" <<EOF
 <?php