[Koha-bugs] [Bug 40973] New: Redirect to configurable destination after Shibboleth logout

Thu, 09 Oct 2025 04:15:30 -0700 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40973

            Bug ID: 40973
           Summary: Redirect to configurable destination after Shibboleth
                    logout
 Change sponsored?: ---
           Product: Koha
           Version: Main
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Authentication
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
                CC: [email protected]

We have a scenario where we have disabled OpacPublic, and set OPACShibOnly =
Don't allow. This means that when users visit the OPAC they are immediately
sent to the idP for login. This works great. The problem is when they try to
logout, because after logging out they are sent back to the OPAC, where they
are automatically logged in again, if they are still logg in to the idP. This
means users can be caught in a loop, with no possibility of getting logged out
of Koha.

This is the code in C4::Auth_with_shibboleth that returns users to the OPAC
after logout: 

# Logout from Shibboleth
sub logout_shib {
    my ($query) = @_;
    my $uri = _get_uri();
    my $return = _get_return($query);
    print $query->redirect( $uri . "/Shibboleth.sso/Logout?return=$return" );
}

(_get_uri basically returns staffClientBaseURL or OPACBaseURL, as appropriate)

To get around this we would like to propose that logout_shib could() send users
to a configurable location, outside of Koha, based on a syspref. Something like
this: 

# Logout from Shibboleth
sub logout_shib {
    my ($query) = @_;
    my $uri = _get_uri();
    my $return;
    if ( C4::Context->preference('ShibRedirectURLAfterLogout') ) {
        $return = C4::Context->preference('ShibRedirectURLAfterLogout');
    } else {
        $return = _get_return($query);
    }
    print $query->redirect( $uri . "/Shibboleth.sso/Logout?return=$return" );
}

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Reply via email to