Closed mkhyman closed 2 months ago
It is not that easy; you will also need to be able to validate embedded signatures.
OK, yes, you are right. I did not take into account that $logoutResponse->isValid(..) internally uses $_GET. However, that is not insurmountable, since either the required data could be passed in to the method (my preference) or a similar approach which checks in both $_GET and $_POST could be done. Neither is difficult.
If you give me permission to create pull requests, I can show you what I mean if you want.
My IdP uses POST to send SLO SAML responses.
As far as I can tell it is a simple change but I can't create pull requests.
Auth::processSLO needs to change from:
to:
with the wording of the error message at bottom reflecting this change.
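
The "check both $_GET and $_POST" idea from this thread, as an added sketch that is not php-saml code and not written by any participant. `readSloMessage()` and its return keys are hypothetical names; the sample message is constructed. It shows why the binding has to be tracked: the encoding differs, and so does the place the signature has to be validated.

```php
<?php
// Added example, not php-saml code. readSloMessage() and its return keys are
// hypothetical names; only the SAML parameter names come from the bindings.

function readSloMessage(array $get, array $post): array
{
    // Check POST first, then GET; never merge the two sources.
    foreach (['HTTP-POST' => $post, 'HTTP-Redirect' => $get] as $binding => $params) {
        foreach (['SAMLResponse', 'SAMLRequest'] as $type) {
            if (!isset($params[$type]) || !is_string($params[$type])) {
                continue;
            }
            $raw = base64_decode($params[$type], true);
            if ($raw === false) {
                throw new InvalidArgumentException("$type is not valid base64");
            }
            // Redirect binding: base64 over raw DEFLATE. Cap the inflated size.
            $xml = $binding === 'HTTP-Redirect' ? @gzinflate($raw, 1 << 20) : $raw;
            if ($xml === false || $xml === '') {
                throw new InvalidArgumentException("$type could not be decoded");
            }
            return [
                'binding' => $binding,
                'type' => $type,
                'xml' => $xml,
                // POST: enveloped <ds:Signature> inside the XML.
                // Redirect: detached Signature/SigAlg query parameters.
                'signature' => $binding === 'HTTP-POST' ? 'embedded' : 'query',
            ];
        }
    }
    throw new InvalidArgumentException('No SAML logout message in GET or POST');
}

// Constructed sample message (not from a real IdP).
$xml = '<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed1" Version="2.0"/>';

$viaPost = readSloMessage([], ['SAMLResponse' => base64_encode($xml)]);
$viaGet  = readSloMessage(['SAMLResponse' => base64_encode(gzdeflate($xml))], []);

printf("%s / %s\n", $viaPost['binding'], $viaPost['signature']);
printf("%s / %s\n", $viaGet['binding'], $viaGet['signature']);
var_dump($viaPost['xml'] === $viaGet['xml']);
```

The returned XML is still untrusted at this point; signature and status checks have to run on it before any session is ended.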