We now handle correctly the SOGo logout when using SAML (#2376 and #2379)

UI/MainUI/SOGoSAML2Actions.m

@@ -32,6 +32,7 @@
 #import <NGExtensions/NSCalendarDate+misc.h>
 #import <NGExtensions/NSString+misc.h>
 
+#import <SOGo/SOGoCache.h>
 #import <SOGo/SOGoSAML2Session.h>
 #import <SOGo/SOGoSession.h>
 #import <SOGo/SOGoSystemDefaults.h>
@@ -65,9 +66,12 @@
   return response;
 }
 
+//
+//
+//
 - (WOResponse *) saml2SingleLogoutServiceAction
 {
-  NSString *userName, *value, *cookieName;
+  NSString *userName, *value, *cookieName, *domain, *username, *password;
   SOGoWebAuthenticator *auth;
   WOResponse *response;
   NSCalendarDate *date;
@@ -96,6 +100,18 @@
       cookieName = [auth cookieNameInContext: context];
       value = [[context request] cookieValueForKey: cookieName];
       creds = [auth parseCredentials: value];
+
+      // We first delete our memcached entry
+      value = [SOGoSession valueForSessionKey: [creds lastObject]];
+      domain = nil;
+
+      [SOGoSession decodeValue: value
+                      usingKey: [creds objectAtIndex: 0]
+                         login: &username
+                        domain: &domain
+                      password: &password];
+
+      [[SOGoCache sharedCache] removeSAML2LoginDumpsForIdentifier: password];
       
       if ([creds count] > 1)
         [SOGoSession deleteValueForSessionKey: [creds objectAtIndex: 1]];

UI/MainUI/SOGoUserHomePage.m

@@ -33,7 +33,12 @@
 #import <NGExtensions/NSObject+Logs.h>
 
 #import <Appointments/SOGoFreeBusyObject.h>
+
+#import <SOGo/SOGoCache.h>
 #import <SOGo/SOGoCASSession.h>
+#if defined(SAML2_CONFIG)
+#import <SOGo/SOGoSAML2Session.h>
+#endif
 #import <SOGo/SOGoUserManager.h>
 #import <SOGo/SOGoWebAuthenticator.h>
 #import <SOGo/SOGoUser.h>
@@ -304,6 +309,47 @@
       redirectURL = [SOGoCASSession CASURLWithAction: @"logout"
                                        andParameters: nil];
     }
+#if defined(SAML2_CONFIG)
+  else if ([[sd authenticationType] isEqualToString: @"saml2"])
+    {
+      NSString *username, *password, *domain, *value;
+      SOGoSAML2Session *saml2Session;
+      SOGoWebAuthenticator *auth;
+      LassoServer *server;
+      LassoLogout *logout;   
+      NSArray *creds;
+  
+      auth = [[self clientObject] authenticatorInContext: context];
+      value = [[context request] cookieValueForKey: [auth cookieNameInContext: context]];
+      creds = [auth parseCredentials: value];
+
+      value = [SOGoSession valueForSessionKey: [creds lastObject]];
+      
+      domain = nil;
+      
+      [SOGoSession decodeValue: value
+                      usingKey: [creds objectAtIndex: 0]
+                         login: &username
+                        domain: &domain
+                      password: &password];
+
+      saml2Session = [SOGoSAML2Session SAML2SessionWithIdentifier: password
+                                                        inContext: context];
+      
+      server = [SOGoSAML2Session lassoServerInContext: context];
+      
+      logout = lasso_logout_new(server);
+
+      lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), [[saml2Session session] UTF8String]);
+      lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), [[saml2Session session] UTF8String]);
+      lasso_logout_init_request(logout, NULL, LASSO_HTTP_METHOD_REDIRECT);
+      lasso_logout_build_request_msg(logout);
+      redirectURL = [NSString stringWithFormat: @"%s", LASSO_PROFILE(logout)->msg_url];
+
+      // We destroy our cache entry, the session will be taken care by the caller
+      [[SOGoCache sharedCache] removeSAML2LoginDumpsForIdentifier: password];
+    }      
+#endif
   else
     {
       container = [[self clientObject] container];