Allow configuration of SAML logout behaviour

packages/meteor-accounts-saml/saml_client.js

@@ -9,22 +9,30 @@ if (!Accounts.saml) {
 // If we find a samlProvider, and we are using single
 // logout we will initiate logout from rocketchat via saml.
 // If not using single logout, we just do the standard logout.
+// This can be overridden by a configured logout behaviour.
 //
 // TODO: This may need some work as it is not clear if we are really
 // logging out of the idp when doing the standard logout.
 
 const MeteorLogout = Meteor.logout;
+const logoutBehaviour = {
+	TERMINATE_SAML: "SAML",
+	ONLY_RC: "Local"
+}
 
 Meteor.logout = function() {
 	const samlService = ServiceConfiguration.configurations.findOne({service: 'saml'});
 	if (samlService) {
 		const provider = samlService.clientConfig && samlService.clientConfig.provider;
-		if (provider) {
+		if (provider && samlService.logoutBehaviour === logoutBehaviour.TERMINATE_SAML) {
 			if (samlService.idpSLORedirectURL) {
 				return Meteor.logoutWithSaml({ provider });
 			}
 		}
 	}
+	if(samlService.logoutBehaviour === logoutBehaviour.ONLY_RC){
+		console.info("SAML session not terminated, only the Rocket.Chat session is going to be killed")
+	}
 	return MeteorLogout.apply(Meteor, arguments);
 };
 

packages/meteor-accounts-saml/saml_rocketchat.js

@@ -85,6 +85,16 @@ Meteor.methods({
 			section: name,
 			i18nLabel: 'SAML_Custom_Generate_Username'
 		});
+		RocketChat.settings.add(`SAML_Custom_${ name }_logout_behaviour`, 'SAML', {
+			type: 'select',
+				values: [
+					{key: 'SAML', i18nLabel: 'SAML_Custom_Logout_Behaviour_Terminate_SAML_Session'},
+					{key: 'Local', i18nLabel: 'SAML_Custom_Logout_Behaviour_End_Only_RocketChat'}
+				],
+			group: 'SAML',
+			section: name,
+			i18nLabel: 'SAML_Custom_Logout_Behaviour'
+		});
 	}
 });
 
@@ -100,6 +110,7 @@ const getSamlConfigs = function(service) {
 		idpSLORedirectURL: RocketChat.settings.get(`${ service.key }_idp_slo_redirect_url`),
 		generateUsername: RocketChat.settings.get(`${ service.key }_generate_username`),
 		issuer: RocketChat.settings.get(`${ service.key }_issuer`),
+		logoutBehaviour: RocketChat.settings.get(`${ service.key }_logout_behaviour`),
 		secret: {
 			privateKey: RocketChat.settings.get(`${ service.key }_private_key`),
 			publicCert: RocketChat.settings.get(`${ service.key }_public_cert`),

packages/rocketchat-i18n/i18n/de.i18n.json

@@ -1545,6 +1545,9 @@
   "SAML_Custom_Generate_Username": "Benutzernamen generieren",
   "SAML_Custom_IDP_SLO_Redirect_URL": "IDP SLO Redirect URL",
   "SAML_Custom_Issuer": "Benutzerdefinierter Aussteller",
+  "SAML_Custom_Logout_Behaviour": "Logout-Verhalten",
+  "SAML_Custom_Logout_Behaviour_Terminate_SAML_Session": "SAML-Session beenden",
+  "SAML_Custom_Logout_Behaviour_End_Only_RocketChat": "Nur von Rocket.Chat abmelden",
   "SAML_Custom_Private_Key": "Privater Schlüssel",
   "SAML_Custom_Provider": "Benutzerdefinierter Provider",
   "SAML_Custom_Public_Cert": "Öffentliches Zertifikat",

packages/rocketchat-i18n/i18n/en.i18n.json

@@ -1602,6 +1602,9 @@
   "SAML_Custom_Generate_Username": "Generate Username",
   "SAML_Custom_IDP_SLO_Redirect_URL": "IDP SLO Redirect URL",
   "SAML_Custom_Issuer": "Custom Issuer",
+  "SAML_Custom_Logout_Behaviour": "Logout Behaviour",
+  "SAML_Custom_Logout_Behaviour_Terminate_SAML_Session": "Terminate SAML-session",
+  "SAML_Custom_Logout_Behaviour_End_Only_RocketChat": "Only log out from Rocket.Chat",
   "SAML_Custom_Private_Key": "Private Key Contents",
   "SAML_Custom_Provider": "Custom Provider",
   "SAML_Custom_Public_Cert": "Public Cert Contents",