Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

example logout not working #30

Open
simevo opened this issue Aug 11, 2018 · 2 comments
Open

example logout not working #30

simevo opened this issue Aug 11, 2018 · 2 comments

Comments

@simevo
Copy link
Owner

simevo commented Aug 11, 2018
edited
Loading

click "logout", no LogoutRequest is sent !

cause: $sp->isAuthenticated returns false because there is no Response in the headers so it skips the line $sp->logout()

this check also occurs in the SpOneLogin.php implementation !
@simevo
Copy link
Owner Author

simevo commented Aug 11, 2018

tentative patch:

diff --git a/example/logout.php b/example/logout.php
index 293c6ad..3d11223 100644
--- a/example/logout.php
+++ b/example/logout.php
@@ -5,9 +5,4 @@ require_once(__DIR__ . "/settings.php");
 
 $sp = new Italia\Spid2\Sp($settings);
 
-if ($sp->isAuthenticated()) {
-    $sp->logout();
-} else {
-    echo "Logged out!";
-    echo '<p><a href="index.php" >Go back</a></p>';
-}
+$sp->logout();
diff --git a/src/Strategy/SpOneLogin.php b/src/Strategy/SpOneLogin.php
index 958bd4d..5695a21 100644
--- a/src/Strategy/SpOneLogin.php
+++ b/src/Strategy/SpOneLogin.php
@@ -162,11 +162,9 @@ class SpOneLogin implements SpInterface
 
     public function logout()
     {
-        if ($this->auth->isAuthenticated() === false) {
-            return false;
+        if (isset($_SESSION) && isset($_SESSION['idpName'])) {
+            $this->changeIdp($_SESSION['idpName']);
         }
-        $this->auth->logout();
-
         $sloBuiltUrl = $this->auth->logout(null, array(), null, null, true);
         $_SESSION['LogoutRequestID'] = $this->auth->getLastRequestID();

but then you hit: #2 (comment)

@simevo
Copy link
Owner Author

simevo commented Aug 11, 2018

fixing that with #2 (comment) you get ERR_TOO_MANY_REDIRECTS since it keeps getting 302:

[Sat Aug 11 09:31:37 2018] 192.168.122.1:46238 [302]: /logout.php?SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha512&SAMLResponse=fVFda4MwFH3frwh58UlN7Ic2VMtY21HoWjpdGXsZGtNW0ES8sWz79YuyrYVB3%2B7XOfece6ezj6pEZ9FAoWRoUYdYSEiu8kIeQ%2BslWdqBNYvuphIIW6ujavWzgFpJEMgAJTDTCHHbSKZSKEyaVgKY5iy%2Bf1ozzyGsbpRWXJX4D0BvA1IA0WgjB6O5AF3ItEtCfNK6Zq4LtedAUYmzcriqWEAIcctemVOfaoxW8xAXub384pvXODnsdgtOz2XyYTryV3uiQrzdLNbbx9XmfeJl%2BeRARxnJh6PM9zMiOB9nHhfBeDzyhp5PcjL0MkMA0IqVBJ1KHWKP0MAmgU1pQiZsQNnAf8No%2F3NKbKzgyNyNsh7WoKVqqlTf9t5VjPhDP8qE1IX%2BxFHnHIz1Iq%2BvrE%2FdC3nUPyjWqW7hOn5QuUD7tGzF7b3QT7O45VwAYORGHfuF0f3%2F%2F%2Bgb&RelayState=http%3A%2F%2Fsp2.simevo.com%3A8000%2Flogout.php&Signature=HOTXGwCGb9IAXaelILiRCR%2FycUz3zRxG3odqDSJx4%2B4d94rOoYelxMD3XHf9p0XkXKlOZfN0AScoawcy%2Fcuf4U25H1Xyz3skHaq8Vt%2FglD16xUxYc7lJy7uYo8FH5v5rm2jVnVXcvtDKeM6xBP6fDYBkPIzP1IhQjfmDGTC%2FwqsJfw1V29F1fqiOvVXEni0v8u0y2Y5s9fR2iDFv7zWjCHfrjRafB1hz4GGFidEc5KOgnpqninGTJzxxEthGWdaNCfG9TBYMD%2FzHF9xUoSuy8yMWlEbuht69mHk4oF61FoK53ZRfqhvUDEgCIs0LfFe%2Fk21WWiir6rNfWOaIL0HZEw%3D%3D

what is missing here is the processing of the SLO response !

simevo pushed a commit that referenced this issue Aug 14, 2018
fix #30: we are sessionless so it makes sense to check auth->isAuthen…
6841c29 
…ticated only in acs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@simevo