Hide logout menu link from anonymous.

Created on 6 April 2023, over 1 year ago
Updated 28 June 2024, 6 months ago

Problem/Motivation

Currently, the logout path (/saml/logout) is accessible to an anonymous.

Proposed resolution

Change this path to authenticated user only.

After the line 19 at samlauth.routing.yml,
Add following line

_user_is_logged_in: 'TRUE'
Feature request
Status

Postponed: needs info

Version

3.0

Component

Code

Created by

🇦🇺Australia mingsong 🇦🇺

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @mingsong
  • Status changed to Needs review over 1 year ago
  • 🇦🇺Australia mingsong 🇦🇺
  • Status changed to Postponed: needs info over 1 year ago
  • 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU

    The title says "menu link" but the problem/motivation says "path" -- and the patch changes the routing.yml, not a menu link.

    Yes, the /saml/logout path is accessible to anonymous users. That has been done explicitly in #3043704: Make user logout more robust . If someone who is already logged out from the Drupal site gets redirected from the IdP as part of a multi-site SLO flow, then that SLO should not be interrupted (the user should get redirected back to the IdP).

    The menu link provided by this module works, because it switches between "log in" and "log out" according to the user's status.

    I suspect you added a 'simple' menu link with path /saml/logout through the admin UI, and want it to automatically disappear when the user is logged out. Unfortunately you cannot do this by blocking access to the /saml/logout route, because of the above.

    Please close or provide more info as appropriate.

  • First commit to issue fork.
  • Open on Drupal.org →
    Core: 9.5.5 + Environment: PHP 7.4 & MySQL 5.7
    last update 6 months ago
    Waiting for branch to pass
Production build 0.71.5 2024