forked from extern/egroupware
fix optional SAML/Shibboleth login fails when proxying as form field with name "auth=saml" get lost
This commit is contained in:
parent
03e08be0e6
commit
4959281164
@ -59,12 +59,19 @@ egw_LAB.wait(function()
|
||||
]);
|
||||
|
||||
// automatic submit of SAML IdP selection
|
||||
jQuery('select.onChangeSubmit').on('change', function() {
|
||||
jQuery('select[name="auth=saml"]').on('change', function() {
|
||||
if (this.value) {
|
||||
this.form.method = 'GET';
|
||||
this.form.method = 'get';
|
||||
jQuery(this.form).append('<input type="hidden" name="auth" value="saml"/>');
|
||||
jQuery(this.form).append('<input type="hidden" name="idp" value="'+this.value+'"/>');
|
||||
this.form.submit();
|
||||
}
|
||||
});
|
||||
// or optional SAML login with a button for a single IdP
|
||||
jQuery('input[type="submit"][name="auth=saml"]').on('click', function(){
|
||||
this.form.method = 'get';
|
||||
jQuery(this.form).append('<input type="hidden" name="auth" value="saml"/>');
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
|
@ -128,13 +128,6 @@ class Auth
|
||||
{
|
||||
$type = $_REQUEST['auth'];
|
||||
}
|
||||
elseif (($auth = array_filter($_REQUEST, function($key)
|
||||
{
|
||||
return substr($key, 0, 5) === 'auth=';
|
||||
}, ARRAY_FILTER_USE_KEY)) && !empty(current($auth)))
|
||||
{
|
||||
$type = substr(key($auth), 5);
|
||||
}
|
||||
// to not allow enabling all sort of auth plugins by simply calling login.php?auth=xyz we require the
|
||||
// plugin to be enabled via "${auth}_discovery" server config
|
||||
if (!empty($type) && empty($GLOBALS['egw_info']['server'][$type.'_discovery']))
|
||||
|
@ -113,8 +113,8 @@ class Saml implements BackendSSO
|
||||
{
|
||||
// login (redirects to IdP)
|
||||
$as = new SimpleSAML\Auth\Simple(self::$auth_source);
|
||||
$as->requireAuth(preg_match('|^https://|', $_REQUEST['auth=saml']) ?
|
||||
['saml:idp' => $_REQUEST['auth=saml']] : []);
|
||||
$as->requireAuth(preg_match('|^https://|', $_REQUEST['idp']) ?
|
||||
['saml:idp' => $_REQUEST['idp']] : []);
|
||||
|
||||
/* cleanup session for EGroupware: currently NOT used as we share the session with SimpleSAMLphp
|
||||
$session = SimpleSAML\Session::getSessionFromRequest();
|
||||
|
Loading…
Reference in New Issue
Block a user