Improvement support SingleSignout #88
Conversation
The logout now only concern the session that was initiated by the CAS session Need : 1/ One table (user_cas_ticket) in order to save the correspondance ticket<=>sessionId 2/ One CronJob in order to delete ticket when token become invalide
|
Ok, ok!! your still removes all temporary sessions ... But ok, well done !! i didn't know that! i'm noobs in nextcloud :P |
|
I think I will still keep my version ... It's a lot more for just the correct support of SingleSignout but it has the advantage of really doing what you expect. Will you tell me if there are big errors in my code? |
|
Hi @pingou2712 thanks for your contribution, but at the moment such a big change in major code is not supportable by myself. I will consider merging your changes at a later time, when I have more time and focus to test everything through! Thanks and regards, |
|
Is this change should fix the logout problem ? when the CAS server send a logout request to the nextcloud. |
|
Hi @jgribonvald If you still have issues with SingleSignout in Nextcloud, please create a new issue. Regards, |
|
@felixrupp which version should works with SLO for you ? or which commit should fix this problem ? with the 1.8.5 version of your plugin this don't work for us with nextcloud 18. On an other side with latest PHPcas (1.3.8 and surely before) lib we don't need anymore to maintain a session_id mapping with the CAS ticket, for that we need only to follow these steps, after this is working on my side with a simple php apps, I don't know if it can be used in nextcloud (I don't know it enough):
This let to php the session management, the client CAS create a php session_id that he can retrieve for the logout. |
|
@jgribonvald 1.8.5 should fix the SLO problem. At least I don’t have any problems here with Nextcloud 18 and ownCloud 10.4. If you still have problems, please create a new issue and provide the necessary information (also with phpCAS and Nextcloud log entries). What do you mean with:
I currently don’t maintain any mappings between the PHP session_id and the CAS ticket. That’s up to the phpCAS library. |
|
So after looking on the code I think this way would fix the logout that's not working ! But there isn't a lighter way ? If the CAS ST ticket ID were used as the session ID it's easy to kill it after without to keep a mapping... Also the phpCAS lib manage the session very well (even in a cluster of servers), why not watching on it to do that ? After I can understand that's not easy to change the session management into Nextcloud. |
|
I maintain mapping between the PHP session_id and the CAS ticket on my patch because i don't know how we can do otherwise (When app receive SSO signal of casServer, it don't have any information of session with my test... :/). If you have short example, please send me (vilaffargueATwanadooPOINTfr) and i can try to do same if you want (when i have time....). |
The logout now only concern the session that was initiated by the CAS session
Need :
1/ One table (user_cas_ticket) in order to save the correspondance ticket<=>sessionId (Migration)
2/ One CronJob in order to delete ticket when token become invalide (folder BackgroundJob)