Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix SAML logout response issues #17879

Closed
wants to merge 2 commits into from
Closed

Conversation

spaceone
Copy link

The SAML logout is currently broken in 2 ways:

  • invalid XML generation in <samlp:LogoutResponse> which doesn't enclose <samlp:StatusCode/> into <samlp:Status/>
  • missing InResponseTo="$IDofRequest" attribute in the <samlp:LogoutResponse> which must be filled with the ID attribute from the <samlp:LogoutRequest>.

<samlp:StatusCode/> must be enclosed in <samlp:Status/>
@CLAassistant
Copy link

CLAassistant commented Jun 11, 2020

CLA assistant check
All committers have signed the CLA.

<samlp:LogoutResponse/> must contain the InResponseTo= attribute which
contains the value from the <samlp:LogoutRequest>
@spaceone
Copy link
Author

I don't know why Build Docker image for PRs is failing...

@pierre-lehnen-rc
Copy link
Contributor

PR #17742 will change the generation of the XML to allow editing a template, with it you'll be able to include the tag on the response.
I had noticed this tag was missing before but the response is also working for many current users and I hadn't had any report of it not working, so I was afraid to change it, but I'll look into the SAML specification to check if it's mandatory or not.

I'll merge this into that PR to include the inResponseTo attribute as well.

@pierre-lehnen-rc
Copy link
Contributor

Closing via #17742

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants