diff --git a/README.md b/README.md index 9a5630eed6c0f6ad7400bc085f8354d140f4cd11..7f0e89ca943790ab71902d24d30d9d62852feede 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ $wgMinimalPasswordLength = 0; // Last portion of the shibboleth WAYF url for lazy sessions. // This value is found in your shibboleth.xml file on the setup for your SP // WAYF url will look something like: /Shibboleth.sso/WAYF/$shib_WAYF -$shib_WAYF = ""; +$shib_WAYF = "Login"; //Are you using an old style WAYF (Shib 1.3) or new style Discover Service (Shib 2.x)? //Values are WAYF or DS, defaults to WAYF @@ -26,7 +26,7 @@ $shib_LogoutHint = "Logout"; // Where is the assertion consumer service located on the website? // Default: "/Shibboleth.sso" -$shib_AssertionConsumerServiceURL = "/Shibboleth.sso"; +$shib_AssertionConsumerServiceURL = ""; // Map Real Name to what Shibboleth variable(s)? $shib_RN = isset($_SERVER['HTTP_COMMON_NAME']) ? $_SERVER['HTTP_COMMON_NAME'] : null; diff --git a/ShibAuthPlugin.php b/ShibAuthPlugin.php index 39027b9a8a6f6cd137ae63f21d4779d5267b9391..222a7e67ad513fff82099c5f454924c1be4eef5d 100644 --- a/ShibAuthPlugin.php +++ b/ShibAuthPlugin.php @@ -285,10 +285,9 @@ function SetupShibAuth() /* Add login link */ function ShibLinkAdd(&$personal_urls, $title) { - global $shib_WAYF, $shib_LoginHint, $shib_Https, $shib_AssertionConsumerServiceURL; + global $shib_WAYF, $shib_LoginHint, $shib_Https; global $shib_WAYFStyle; - if (! isset($shib_AssertionConsumerServiceURL) || $shib_AssertionConsumerServiceURL == '') - $shib_AssertionConsumerServiceURL = "/Shibboleth.sso"; + if (! isset($shib_Https)) $shib_Https = false; if (! isset($shib_WAYFStyle)) @@ -304,7 +303,7 @@ function ShibLinkAdd(&$personal_urls, $title) $personal_urls['SSOlogin'] = array( 'text' => $shib_LoginHint, 'href' => ($shib_Https ? 'https' : 'http') .'://' . $_SERVER['HTTP_HOST'] . - $shib_AssertionConsumerServiceURL . "/" . $shib_ConsumerPrefix . "Login" . + getShibAssertionConsumerServiceURL() . "/" . $shib_ConsumerPrefix . $shib_WAYF . '?target=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $pageurl, ); return true; @@ -313,14 +312,14 @@ function ShibLinkAdd(&$personal_urls, $title) /* Kill logout link */ function ShibActive(&$personal_urls, $title) { - global $shib_LogoutHint, $shib_Https, $shib_AssertionConsumerServiceURL; + global $shib_LogoutHint, $shib_Https; global $shib_RN; global $shib_map_info; $personal_urls['logout'] = array( 'text' => $shib_LogoutHint, 'href' => ($shib_Https ? 'https' : 'http') .'://' . $_SERVER['HTTP_HOST'] . - $shib_AssertionConsumerServiceURL . "/Logout" . + getShibAssertionConsumerServiceURL() . "/Logout" . '?return=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://'. $_SERVER['HTTP_HOST']. "/index.php?title=Special:UserLogout&returnto=" . $title->getPartialURL()); @@ -331,6 +330,16 @@ function ShibActive(&$personal_urls, $title) return true; } +function getShibAssertionConsumerServiceURL() { + global $shib_AssertionConsumerServiceURL; + + if (! isset($shib_AssertionConsumerServiceURL) || $shib_AssertionConsumerServiceURL == '') { + $shib_AssertionConsumerServiceURL = "/Shibboleth.sso"; + } + + return $shib_AssertionConsumerServiceURL; +} + function ShibAutoAuthenticate(&$user) { ShibUserLoadFromSession($user, true); }