added standard SAML logout method using metadata

This commit is contained in:
thomasDOTde 2017-12-05 00:14:31 +01:00
parent 049a8a4547
commit 60086d5d15
2 changed files with 33 additions and 8 deletions


@ -380,18 +380,38 @@ def login():
error = e.message['desc'] if 'desc' in e.message else e error = e.message['desc'] if 'desc' in e.message else e
return render_template('register.html', error=error) return render_template('register.html', error=error)
@app.route('/logout') def clear_session():
def logout():
session.pop('user_id', None) session.pop('user_id', None)
session.pop('github_token', None) session.pop('github_token', None)
session.pop('google_token', None) session.pop('google_token', None)
session.clear() session.clear()
logout_user() logout_user()
if app.config.get('SAML_LOGOUT_REDIRECT'):
return redirect(app.config.get('SAML_LOGOUT_REDIRECT'))
else:
return redirect(url_for('login'))
@app.route('/logout')
def logout():
if app.config.get('SAML_ENABLED') and session['samlSessionIndex'] and app.config.get('SAML_LOGOUT'):
req = utils.prepare_flask_request(request)
auth = utils.init_saml_auth(req)
if app.config.get('SAML_LOGOUT_URL'):
return auth.logout(redirect_url = app.config.get('SAML_LOGOUT_URL'))
return auth.logout()
clear_session()
redirect_url = url_for('login')
return redirect(url_for('login'))
@app.route('/saml/sls')
def saml_logout():
req = utils.prepare_flask_request(request)
auth = utils.init_saml_auth(req)
url = auth.process_slo(delete_session_cb=clear_session())
errors = auth.get_errors()
if len(errors) == 0:
if url is not None:
return redirect(url)
else:
return redirect(url_for('index'))
else:
return render_template('errors/SAML.html', errors=errors)
@app.route('/dashboard', methods=['GET', 'POST']) @app.route('/dashboard', methods=['GET', 'POST'])
@login_required @login_required
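Review bot: On the `/saml/sls` handler, `auth.process_slo(delete_session_cb=clear_session())` calls clear_session() at once and hands its redirect Response to the library as the callback, so the local session is wiped on every request to /saml/sls before the LogoutRequest/LogoutResponse has been validated (any unauthenticated GET logs the user out), and the callback the library would run after validation is not a function at all; pass the function itself, `url = auth.process_slo(delete_session_cb=clear_session)`. In logout(), `session['samlSessionIndex']` raises KeyError, i.e. a 500 on logout, for any session that never set that key, such as a local or OAuth login while SAML_ENABLED is on; use `session.get('samlSessionIndex')`, and consider passing that index (and the stored NameID, if the login path keeps one) into `auth.logout(...)`, since the check requires it but the request never carries it to the IdP. If `auth` is python3-saml's OneLogin_Saml2_Auth, the return-URL keyword appears to be `return_to`, not `redirect_url`, which would fail as an unexpected keyword. The `redirect_url = url_for('login')` local is unused and the value clear_session() returns is discarded, so clear_session() reads more honestly as a plain session-reset helper without the redirect.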


@ -92,8 +92,13 @@ SAML_METADATA_CACHE_LIFETIME = 1
SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>' SAML_SP_ENTITY_ID = 'http://<SAML SP Entity ID>'
SAML_SP_CONTACT_NAME = '<contact name>' SAML_SP_CONTACT_NAME = '<contact name>'
SAML_SP_CONTACT_MAIL = '<contact mail>' SAML_SP_CONTACT_MAIL = '<contact mail>'
## uncomment to redirect to the given URL on logout #Use SAML standard logout mechanism retreived from idp metadata
# SAML_LOGOUT_REDIRECT = 'https://<idp>/logout' #If configured false don't care about SAML session on logout.
#Logout from PowerDNS-Admin only and keep SAML session authenticated.
SAML_LOGOUT = False
#Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
#for example redirect to google.com after successful saml logout
#SAML_LOGOUT_URL = 'https://google.com'
#Default Auth #Default Auth
BASIC_ENABLED = True BASIC_ENABLED = True
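Review bot: The template appears to drop `SAML_LOGOUT_REDIRECT` (the old lines at the top of the hunk) in favour of `SAML_LOGOUT`/`SAML_LOGOUT_URL`, but nothing tells an operator that an existing setting is now silently ignored; a comment such as `# SAML_LOGOUT_REDIRECT is no longer read; use SAML_LOGOUT and SAML_LOGOUT_URL instead` would avoid a surprise at upgrade. With the default `SAML_LOGOUT = False` a click on Logout ends only the PowerDNS-Admin session while the IdP session stays alive, so the next visit to the login page may re-authenticate without a prompt; the comment should state that as a shared-workstation caveat so operators choose the default knowingly. Two typos in the new comments: "retreived" should be "retrieved" and "a different url then" should be "a different URL than".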