From 6d14a8002a9c2705348e20ae53269b0a1abe1612 Mon Sep 17 00:00:00 2001
From: avdata99 <andres@data99.com.ar>
Date: Tue, 23 Jul 2024 08:34:09 -0300
Subject: [PATCH 1/2] Allow skip logout

---
 README.md                   | 2 ++
 ckanext/saml2auth/plugin.py | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 9aef2ea..f4316f4 100644
--- a/README.md
+++ b/README.md
@@ -135,6 +135,8 @@ Optional:
     # Saml logout request preferred binding settings variable
     # Default: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
     ckanext.saml2auth.logout_expected_binding =  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+    # If you don't want to logout from external source you can use
+    ckanext.saml2auth.logout_expected_binding = skip-external-logout
 
     # Default fallback endpoint to redirect to if no RelayState provided in the SAML Response
     # Default: user.me (ie /dashboard)
diff --git a/ckanext/saml2auth/plugin.py b/ckanext/saml2auth/plugin.py
index 8e0ed57..bdb1468 100644
--- a/ckanext/saml2auth/plugin.py
+++ b/ckanext/saml2auth/plugin.py
@@ -97,7 +97,11 @@ def update_config(self, config_):
 
     def logout(self):
 
-        response = _perform_slo()
+        config = sp_config()
+        if config.get('logout_expected_binding') == 'skip-external-logout':
+            response = None
+        else:
+            response = _perform_slo()
 
         if response:
             domain = h.get_site_domain_for_cookie()

From e738d36892f02d5c5caf36f12f882ee0ddcb99f5 Mon Sep 17 00:00:00 2001
From: avdata99 <andres@data99.com.ar>
Date: Tue, 23 Jul 2024 08:46:10 -0300
Subject: [PATCH 2/2] Improve logout

---
 ckanext/saml2auth/plugin.py | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/ckanext/saml2auth/plugin.py b/ckanext/saml2auth/plugin.py
index bdb1468..7976222 100644
--- a/ckanext/saml2auth/plugin.py
+++ b/ckanext/saml2auth/plugin.py
@@ -97,11 +97,7 @@ def update_config(self, config_):
 
     def logout(self):
 
-        config = sp_config()
-        if config.get('logout_expected_binding') == 'skip-external-logout':
-            response = None
-        else:
-            response = _perform_slo()
+        response = _perform_slo()
 
         if response:
             domain = h.get_site_domain_for_cookie()
@@ -124,9 +120,12 @@ def _perform_slo():
 
     response = None
 
-    client = h.saml_client(
-        sp_config()
-    )
+    config = sp_config()
+    if config.get('logout_expected_binding') == 'skip-external-logout':
+        log.debug('Skipping external logout')
+        return
+
+    client = h.saml_client(config)
     saml_session_info = get_saml_session_info(session)
     subject_id = get_subject_id(session)