Logout response to IdP-initiated SLO #445
Comments
passport-saml's incoming LogoutRequest handling implementation is not spec compliant (it is unable to terminate the SP-side session using only the information provided in the LogoutRequest). See issue #419 for further information. tl;dr: you should not use passport-saml's current SLO handling implementation at all if your IdP is at a different domain than your SP. LogoutRequest from IdP to SP over POST binding is especially dangerous/problematic. UPDATE: the answer to your specific question can be found in the test code at the aforementioned linked issue, which contains a passport-saml enabled web application with an endpoint which handles e.g. LogoutRequest via POST binding. See ...
app.post(SP_SIDE_SINGLE_LOGOUT_SERVICE_ENDPOINT, passport.authenticate("saml", {} ));
... i.e. it delegates IdP initiated LogoutRequest over POST binding handling to
Thank you @srd90 for the insight, much appreciated! Still have not managed to produce a working solution, but it is good to know if the library's implementation is not spec compliant. Also have tried suggestions provided in issue #221, but to no success. Would be great if the documentation offered some more information on the logout process!
I was able to solve my problem of returning a LogoutResponse, and thought I'd share in case someone else is struggling with the same thing: I had configured my strategy
Closing as dupe of #419.
How to return a logout response to a logout request from the IdP? I have an IdP that requires this as part of the SLO process, and after multiple attempts and going through the source code and documentation, I have not found out how to do this. Any advice would be much appreciated!
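The first comment's point, that an SP has to be able to terminate its session using only what the LogoutRequest carries, is illustrated by the added example below; it is not passport-saml code or code from this thread. It assumes the SP records the NameID and SessionIndex of each validated assertion at login; `SamlSessionIndex`, `register`, `terminate` and all sample values are hypothetical.

```javascript
// Added example (not passport-saml code): an SP-side index that maps the
// NameID and SessionIndex from a validated assertion to local session ids,
// so a signature-verified LogoutRequest can be resolved to sessions without
// depending on any browser state arriving with the request.
class SamlSessionIndex {
  constructor() {
    // nameID -> Map(sessionIndex -> Set(localSessionId))
    this.byNameId = new Map();
  }

  // Call at login, after the assertion has been validated.
  register(nameID, sessionIndex, localSessionId) {
    if (!this.byNameId.has(nameID)) this.byNameId.set(nameID, new Map());
    const bySessionIndex = this.byNameId.get(nameID);
    if (!bySessionIndex.has(sessionIndex)) bySessionIndex.set(sessionIndex, new Set());
    bySessionIndex.get(sessionIndex).add(localSessionId);
  }

  // Call only for a LogoutRequest whose signature and issuer were verified.
  // An empty sessionIndexes list means "all sessions of this NameID".
  // Returns the local session ids that were destroyed.
  terminate(nameID, sessionIndexes, destroySession) {
    const bySessionIndex = this.byNameId.get(nameID);
    if (!bySessionIndex) return []; // unknown principal: nothing to terminate
    const targets = sessionIndexes.length > 0 ? sessionIndexes : [...bySessionIndex.keys()];
    const destroyed = [];
    for (const idx of targets) {
      for (const sid of bySessionIndex.get(idx) || []) {
        destroySession(sid);
        destroyed.push(sid);
      }
      bySessionIndex.delete(idx);
    }
    if (bySessionIndex.size === 0) this.byNameId.delete(nameID);
    return destroyed;
  }
}

// Constructed sample data: three local sessions for two principals.
function demo() {
  const store = new Map([["sess-a", {}], ["sess-b", {}], ["sess-c", {}]]);
  const index = new SamlSessionIndex();
  index.register("alice@example.org", "_idx1", "sess-a");
  index.register("alice@example.org", "_idx2", "sess-b");
  index.register("bob@example.org", "_idx3", "sess-c");
  const destroyed = index.terminate("alice@example.org", ["_idx1"], (sid) => store.delete(sid));
  return { index, store, destroyed };
}
```

An empty result from `terminate` is the case where the SP found no matching session, which should be reflected in the status of the LogoutResponse rather than reported as a successful logout.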