From e94ea80ce14a19ae470d049e3f89c14841abb04a Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Wed, 20 Aug 2014 13:20:57 -0400
Subject: [PATCH] More targeted parameter stripping. - Resolves VUFIND-1020.

---
 .../src/VuFind/Controller/MyResearchController.php     | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/module/VuFind/src/VuFind/Controller/MyResearchController.php b/module/VuFind/src/VuFind/Controller/MyResearchController.php
index 7769210f482..82695b70592 100644
--- a/module/VuFind/src/VuFind/Controller/MyResearchController.php
+++ b/module/VuFind/src/VuFind/Controller/MyResearchController.php
@@ -248,8 +248,14 @@ class MyResearchController extends AbstractBase
                 $logoutTarget = $this->getServerUrl('home');
             }
 
-            // clear querystring parameters
-            $logoutTarget = preg_replace('/\?.*/', '', $logoutTarget);
+            // If there is an auth_method parameter in the query, we should strip
+            // it out. Otherwise, the user may get stuck in an infinite loop of
+            // logging out and getting logged back in when using environment-based
+            // authentication methods like Shibboleth.
+            $logoutTarget = preg_replace(
+                '/([?&])auth_method=[^&]*&?/', '$1', $logoutTarget
+            );
+            $logoutTarget = rtrim($logoutTarget, '?');
         }
 
         return $this->redirect()
-- 
GitLab