Uninett / mod_auth_mellon

An Apache module with a simple SAML 2.0 service provider

WSO2 Integration with Mo_Auth_Mellon fails on LogoutRequest #132

Closed luyandasiko closed 5 years ago

luyandasiko commented 7 years ago

I will have to apologize if this issue has been raised before I did go through this list of issues. So here is the context:

We have a website that is built with Laravel. The Authentication Layer uses a WSO2 Identity Server instance that is hosted remotely (outside our LAN). We have set up this module with our Laravel-based project. The Service Provider only facilitates SSO on this website and not others on the application server.

The LOGIN REQUEST takes place successfully; however, I have been struggling to get the LOGOUT REQUEST to pull through (see the issues below):

<a href="/secret/endpoint/logout?ReturnTo=https://www.example.org/logged_out.html">Log out</a>

When I add the code shown above to my webpage and click the logout link for the first time, it just shows me a 500 Internal Server Error; only when I refresh the browser is my SSO LOGOUT REQUEST sent.

Also looking at the log file I see the following error that does not make sense:

User attempted to initiate logout without being loggged in., referer: https://referring.domain.com
Unable to create logout request. Lasso error: [-408] ProviderID not found, referer https://referring.domain.com

It is not really clear to me whether the issue lies with the IdP, the SP (which is our Application Server), or Laravel. I can speculate that chances are the issue is with the underlying technology used to build this module (Lasso, that is), but I could be wrong.

Could anyone point me in the right direction on how I can fix this?

olavmrk commented 7 years ago

Hi,

could you verify that the "User attempted to initiate logout without being loggged in."-message is logged when you initially click the "Log out"-link?

In that case, it would indicate that you are not actually logged in. There could be many reasons for this. For example, if you start logout on http, while the authentication cookie is only set with the "secure"-flag.

Another option could be a mixup with the mod_auth_mellon configuration, where you somehow end up with two SPs, one in /secret/endpoint, and a different one at a different set of URLs.
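To make the two causes above concrete, here is an added Apache configuration example (not from this thread or from the mod_auth_mellon project) that rules both out: a single SP whose endpoint path matches the logout link, with the session cookie marked Secure and every plain-http request redirected to https so the logout link is never followed without the cookie. The hostname, file paths and the /secret/protected location are assumptions.

```apacheconf
# Assumed: plain-http requests are redirected before they reach any
# Mellon handler, so a Secure cookie is always sent with the logout link.
<VirtualHost *:80>
    ServerName www.example.org
    Redirect permanent / https://www.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    # (certificate and key directives omitted)

    # Exactly one SP for this host. MellonEndpointPath must match the
    # path used in the "Log out" link (/secret/endpoint/logout); defining
    # a second MellonEndpointPath elsewhere on this host creates the
    # "two SPs" situation described above.
    <Location /secret>
        MellonEnable "info"
        MellonEndpointPath /secret/endpoint
        # Assumed file locations
        MellonSPPrivateKeyFile /etc/apache2/mellon/sp.key
        MellonSPCertFile /etc/apache2/mellon/sp.crt
        MellonSPMetadataFile /etc/apache2/mellon/sp-metadata.xml
        MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
        # Session cookie carries the Secure flag: it is only sent over https
        MellonSecureCookie On
    </Location>

    # Assumed: the part of the site that actually requires a login
    <Location /secret/protected>
        MellonEnable "auth"
    </Location>
</VirtualHost>
```

With this layout, a click on the logout link over https reaches the same SP that created the session, so the "logout without being logged in" path is not taken.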

luyandasiko commented 7 years ago

Hi,

Can you please see if you can find context in this question here on Stack Overflow. Thanks

olavmrk commented 5 years ago

Closing this issue as part of archiving this project. See the announcement for details:

https://github.com/Uninett/mod_auth_mellon/blob/info/README.md