
Merge pull request #11 from jcwilk/uri_escape_ssout

Uri escape ssout
2 parents 27d5148 + f2e4844, commit cc2865606b18381273a85d778491e598a2b74001, committed by @zuk
Showing with 4 additions and 2 deletions.
  1. +4 −2 lib/casclient/frameworks/rails/filter.rb
6 lib/casclient/frameworks/rails/filter.rb
@@ -278,8 +278,10 @@ def single_sign_out(controller)
if controller.request.post? &&
controller.params['logoutRequest'] &&
- controller.params['logoutRequest'] =~
- %r{^<samlp:LogoutRequest.*?<samlp:SessionIndex>(.*)</samlp:SessionIndex>}m
+ #This next line checks the logoutRequest value for both its regular and URI.escape'd form. I couldn't get
+ #it to work without URI.escaping it from rubycas server's side, this way it will work either way.
+ [controller.params['logoutRequest'],URI.unescape(controller.params['logoutRequest'])].find{|xml| xml =~
+ %r{^<samlp:LogoutRequest.*?<samlp:SessionIndex>(.*)</samlp:SessionIndex>}m}
# TODO: Maybe check that the request came from the registered CAS server? Although this might be
# pointless since it's easily spoofable...
si = $~[1]
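Review bot: The new `find` block makes `si = $~[1]` depend on a match global set as a side effect inside the block, and it accepts `logoutRequest` in two encodings instead of one. Suggest normalizing the parameter once into a local, calling `match` on it, and reading the capture from the returned MatchData, so it is obvious which form matched and what `si` holds. The `URI.unescape` call also runs unconditionally when the array is built, even when the raw value already matches. Since the regex is now applied to a decoded copy as well, tighten it while here: `^` in Ruby matches at the start of any line, so `\A` is the anchor that pins the start of the input, and the greedy `(.*)` under `/m` will run to the last `</samlp:SessionIndex>` in the body rather than the first. The TODO below is still open, so the extracted session index comes from a request whose origin is unverified and should be treated as untrusted by whatever consumes `si`. The two added comment lines would read better as one short comment describing the accepted forms; the "couldn't get it to work" history belongs in the commit message.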
