Comments (4)
I can produce errors/warnings on test networks by taking the following actions:
- Set SAML configuration values to match the following:
(crucial value is the SingleLogoutService one -- it needs to be https://samltest.id/idp/profile/Logout)
- Log in a user (rick, morty, or sheldon)
- Log out as this user
At this point I see a message from SAMLtest.ID informing me that I was successfully logged out of SAMLtest's IdP. I'm asked if I'd like to log out of all services accessed. If I click yes, the system attempts to contact https://NETWORK.URL/wp/shibboleth/ at which time I'm informed that the logout to the service at that URL failed.
saml_logout_failure.mp4
If I leave the SingleLogoutService value set to its default value: https://samltest.id/idp/profile/SAML2/Redirect/SSO, I see the following error message when trying to log out:
This error message appears to come from the SAML library: https://github.com/onelogin/php-saml/blob/748abe18166a500b944835b9b07ed6129e3cd157/lib/Saml2/Response.php#L469-L486 + https://github.com/onelogin/php-saml/blob/master/lib/Saml2/LogoutResponse.php
from pressbooks-saml-sso.
Another client has reported a similar problem:
Seneca College sees a 'Signature validation failed. Logout response rejected' message after completing the logout flow.
Log.In.Pressbooks.Integrations.Pressbooks.Mozilla.Firefox.2022-02-28.20-02-03.mp4
This error appears to come from the underlying SAML library we depend on: https://github.com/onelogin/php-saml/blob/790a042f2d16a086a563793dab0eeb6a5a8c4e70/lib/Saml2/LogoutResponse.php#L195-L213
from pressbooks-saml-sso.
Just to confirm, the SLO for SAML test must be: https://samltest.id/idp/profile/SAML2/Redirect/SLO. Using that, the flow will work as expected for samltest.id
from pressbooks-saml-sso.
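One way to catch the endpoint mix-up discussed in these comments before users hit it, as an added example (not code from pressbooks-saml-sso or php-saml): compare the configured SingleLogoutService URL with the endpoints the IdP publishes in its metadata. The metadata fragment and its entityID are constructed, and `endpoints` and `check_slo_url` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed IdP metadata fragment (not fetched from any IdP). The two
# Location values are the SSO and SLO URLs quoted in the comments above;
# the entityID is a placeholder.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example/constructed">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://samltest.id/idp/profile/SAML2/Redirect/SLO"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://samltest.id/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def endpoints(metadata_xml, element):
    """Return {binding: location} for one endpoint type of the IDPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    path = f".//{{{MD}}}IDPSSODescriptor/{{{MD}}}{element}"
    return {ep.get("Binding"): ep.get("Location") for ep in root.iterfind(path)}


def check_slo_url(configured, metadata_xml, binding=REDIRECT):
    """Classify a configured SingleLogoutService URL against the IdP metadata."""
    slo = endpoints(metadata_xml, "SingleLogoutService")
    sso = endpoints(metadata_xml, "SingleSignOnService")
    configured = configured.strip()
    if binding not in slo:
        return "idp-has-no-slo-for-binding"      # SLO not offered on this binding
    if configured == slo[binding]:
        return "ok"
    if configured in sso.values():
        return "sso-endpoint-used-for-slo"       # login URL pasted into the SLO field
    if configured in slo.values():
        return "slo-endpoint-for-other-binding"  # e.g. POST URL with Redirect binding
    return "not-in-metadata"                     # URL the IdP does not advertise


if __name__ == "__main__":
    for url in ("https://samltest.id/idp/profile/SAML2/Redirect/SLO",
                "https://samltest.id/idp/profile/SAML2/Redirect/SSO",
                "https://samltest.id/idp/profile/Logout"):
        print(url, "->", check_slo_url(url, SAMPLE_METADATA))
```
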
Reading https://jpassing.com/2021/06/10/azure-ad-defaults-to-saml-logout-but-not-all-apps-support-that/ it looks like the endpoint for SLO does not work. But if we use https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 it works as expected. I think it depends on the IdP settings on Microsoft.
I added that on Integrations and it seems to work now.
from pressbooks-saml-sso.