SAML single logout not working with SimpleSAMLphp

[adanielvv]

Description:

SAML implementation works with login, not logout

Steps to reproduce:

1. Setup SAML auth according to https://rocket.chat/docs/administrator-guides/authentication/saml/
2. Login using SAML
3. Logout using SAML

Expected behavior:

Logout goes through.

Actual behavior:

Sorry, an annoying error occured
TypeError: First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.
Close Window
on page:

https://chat.schreeuwomleven.nl/_saml/logout/ldap/?SAMLRequest=<code>&RelayState=_<code>

Noticed in the RocketChat code there is code to check for SAMLResponse, not SAMLRequest.

Server Setup Information:

• Version of Rocket.Chat Server: 0.73.2
• Operating System: Ubuntu 18.04
• Deployment Method: snap
• Number of Running Instances: 1
• SimpleSAMLphp version 1.17

[tuxcrafter]

Did you ever got SLO to work with rocketchat. I am questioning it worked in the first place. We are having the same error with Ipsilon IdP

[barrydegraaff]

I can confirm this issue, the type error is thrown in:
programs/server/packages/steffo_meteor-accounts-saml.js

As a result of this line of code, where samlResponse is emtpy
const compressedSAMLResponse = new Buffer(samlResponse, 'base64');

This line of code is in the validateLogoutResponse method, that is called from a case statement earlier in the code where req.query.SAMLResponse seems to be empty.

I think this means SAML SLO is broken in Rocket ATM.