extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-02-18 11:21:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix optional SAML/Shibboleth login fails when proxying as form field with name "auth=saml" get lost

Browse Source
This commit is contained in:
Ralf Becker 2020-06-24 08:56:13 +02:00
parent 03e08be0e6
commit 4959281164
3 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
api/js/login.js
View File

@ -59,12 +59,19 @@ egw_LAB.wait(function()
]); ]);
// automatic submit of SAML IdP selection // automatic submit of SAML IdP selection
jQuery('select.onChangeSubmit').on('change', function() { jQuery('select[name="auth=saml"]').on('change', function() {
if (this.value) { if (this.value) {
this.form.method = 'GET'; this.form.method = 'get';
jQuery(this.form).append('<input type="hidden" name="auth" value="saml"/>');
jQuery(this.form).append('<input type="hidden" name="idp" value="'+this.value+'"/>');
this.form.submit(); this.form.submit();
} }
}); });
// or optional SAML login with a button for a single IdP
jQuery('input[type="submit"][name="auth=saml"]').on('click', function(){
this.form.method = 'get';
jQuery(this.form).append('<input type="hidden" name="auth" value="saml"/>');
});
}); });
}); });

7
api/src/Auth.php
View File

@ -128,13 +128,6 @@ class Auth
{ {
$type = $_REQUEST['auth']; $type = $_REQUEST['auth'];
} }
elseif (($auth = array_filter($_REQUEST, function($key)
{
return substr($key, 0, 5) === 'auth=';
}, ARRAY_FILTER_USE_KEY)) && !empty(current($auth)))
{
$type = substr(key($auth), 5);
}
// to not allow enabling all sort of auth plugins by simply calling login.php?auth=xyz we require the // to not allow enabling all sort of auth plugins by simply calling login.php?auth=xyz we require the
// plugin to be enabled via "${auth}_discovery" server config // plugin to be enabled via "${auth}_discovery" server config
if (!empty($type) && empty($GLOBALS['egw_info']['server'][$type.'_discovery'])) if (!empty($type) && empty($GLOBALS['egw_info']['server'][$type.'_discovery']))

4
api/src/Auth/Saml.php
View File

@ -113,8 +113,8 @@ class Saml implements BackendSSO
{ {
// login (redirects to IdP) // login (redirects to IdP)
$as = new SimpleSAML\Auth\Simple(self::$auth_source); $as = new SimpleSAML\Auth\Simple(self::$auth_source);
$as->requireAuth(preg_match('|^https://|', $_REQUEST['auth=saml']) ? $as->requireAuth(preg_match('|^https://|', $_REQUEST['idp']) ?
['saml:idp' => $_REQUEST['auth=saml']] : []); ['saml:idp' => $_REQUEST['idp']] : []);
/* cleanup session for EGroupware: currently NOT used as we share the session with SimpleSAMLphp /* cleanup session for EGroupware: currently NOT used as we share the session with SimpleSAMLphp
$session = SimpleSAML\Session::getSessionFromRequest(); $session = SimpleSAML\Session::getSessionFromRequest();