Comments (4)

SteelWagstaff commented on July 27, 2024

I can produce errors/warnings on test networks by taking the following actions:

  1. Set SAML configuration values to match the following:
    [Screenshot from 2021-06-24 11-30-23]
    (crucial value is the SingleLogoutService one -- it needs to be https://samltest.id/idp/profile/Logout)
  2. Log in a user (rick, morty, or sheldon)
  3. Log out as this user

At this point I see a message from SAMLtest.ID informing me that I was successfully logged out of SAMLtest's IdP. I'm asked if I'd like to log out of all services accessed. If I click yes, the system attempts to contact https://NETWORK.URL/wp/shibboleth/, at which time I'm informed that the logout to the service at that URL failed.

If I leave the SingleLogoutService value set to its default value: https://samltest.id/idp/profile/SAML2/Redirect/SSO, I see the following error message when trying to log out:
[Screenshot from 2021-06-24 11-37-48]

This error message appears to come from the SAML library: https://github.com/onelogin/php-saml/blob/748abe18166a500b944835b9b07ed6129e3cd157/lib/Saml2/Response.php#L469-L486 + https://github.com/onelogin/php-saml/blob/master/lib/Saml2/LogoutResponse.php

from pressbooks-saml-sso.

SteelWagstaff commented on July 27, 2024

Another client has reported a similar problem:

Seneca College sees a 'Signature validation failed. Logout response rejected' message after completing the logout flow.

This error appears to come from the underlying SAML library we depend on: https://github.com/onelogin/php-saml/blob/790a042f2d16a086a563793dab0eeb6a5a8c4e70/lib/Saml2/LogoutResponse.php#L195-L213

richard015ar commented on July 27, 2024

Just to confirm, the SLO for SAML test must be: https://samltest.id/idp/profile/SAML2/Redirect/SLO . Using that, the flow will work as expected for samltest.id

richard015ar commented on July 27, 2024

Reading: https://jpassing.com/2021/06/10/azure-ad-defaults-to-saml-logout-but-not-all-apps-support-that/

looks like the endpoint for SLO does not work. But if we use https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 it works as expected. I think it depends on the IdP settings on Microsoft.

I added that on Integrations and it seems to work now.
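
The SingleLogoutService values discussed in this thread, run through a small configuration lint. This is an added example, not part of the thread and not code from pressbooks-saml-sso or php-saml. The function name, the finding codes and the `idp.example.invalid` SSO URL are assumptions made for the illustration, and the path checks are heuristics for Shibboleth-style paths like the samltest.id ones above.

```python
from urllib.parse import urlsplit, parse_qs

# Finding codes and what they mean. The path checks are heuristics for
# Shibboleth-style endpoint paths like the samltest.id URLs in the thread.
FINDINGS = {
    "not-https": "endpoint is not served over HTTPS",
    "same-as-sso": "SingleLogoutService URL is identical to the SSO URL",
    "sso-profile-path": "path ends in /SSO, a sign-on profile, not logout",
    "non-saml-profile": "profile path has no SAML2 segment (not a SAML endpoint)",
    "ws-federation-signout": "WS-Federation sign-out (wa=wsignout1.0), not SAML SLO",
}


def lint_slo_endpoint(sso_url: str, slo_url: str) -> list[str]:
    """Return finding codes for a configured SingleLogoutService URL."""
    slo = urlsplit(slo_url)
    segments = [s for s in slo.path.split("/") if s]
    codes = []
    if slo.scheme.lower() != "https":
        codes.append("not-https")
    if slo_url.rstrip("/") == sso_url.rstrip("/"):
        codes.append("same-as-sso")
    elif segments and segments[-1].upper() == "SSO":
        codes.append("sso-profile-path")
    if "wsignout1.0" in parse_qs(slo.query).get("wa", []):
        codes.append("ws-federation-signout")
    elif "profile" in segments and "SAML2" not in segments:
        codes.append("non-saml-profile")
    return codes


# SLO values quoted in the thread; the Azure SSO URL is a constructed placeholder.
SAMLTEST_SSO = "https://samltest.id/idp/profile/SAML2/Redirect/SSO"
CASES = [
    (SAMLTEST_SSO, SAMLTEST_SSO),
    (SAMLTEST_SSO, "https://samltest.id/idp/profile/Logout"),
    (SAMLTEST_SSO, "https://samltest.id/idp/profile/SAML2/Redirect/SLO"),
    ("https://idp.example.invalid/saml2",
     "https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0"),
]

if __name__ == "__main__":
    for sso, slo in CASES:
        codes = lint_slo_endpoint(sso, slo)
        print(slo)
        for code in codes or ["ok"]:
            print("   ", code, "-", FINDINGS.get(code, "no findings"))
```

A `ws-federation-signout` finding is informational: that URL ends the session through a different protocol, so no SAML LogoutResponse comes back for the service provider to validate.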