search

aerialship / SamlSPBundle

SAML 2.0 Symfony SP Bundle - new version available at
http://www.lightsaml.com/SP-Bundle/
MIT License
63 stars 43 forks source link

SLO not working #51

Closed andrius-kulbis closed 8 years ago

andrius-kulbis commented 10 years ago

I have and IdP based on SimpleSAMLphp, and SP using this bundle.

I am trying to initiate SLO from another SP, but get 500 internal error from my symfony app which use SamlSPBundle:

Uncaught PHP Exception RuntimeException: "Logout request must be signed" at /var/www/symfony/vendor/aerialship/saml-sp-bundle/src/AerialShip/SamlSPBundle/Bridge/LogoutReceiveRequest.php line 148

I have sign.logout => true in my IdP, and I see the signature in logout request

Am I mising something?

app/config/security.yml
firewalls:
        saml:
            pattern: ^/
            anonymous: true
            aerial_ship_saml_sp:
                login_path: /saml/sp/login
                check_path: /saml/sp/acs
                logout_path: /saml/sp/logout
                failure_path: /saml/sp/failure
                metadata_path: /saml/sp/FederationMetadata.xml
                discovery_path: /saml/sp/discovery
                local_logout_path: /logout
                default_target_path: /
                create_user_if_not_exists: false
                provider: in_memory
                services:
                    somename:
                        idp:
                            file: "@AppMainBundle/Resources/Metadata.xml"
                        sp:
                            config:
                                entity_id: https://myurl
                                base_url: https://myurl
                            signing:
                                cert_file: "@AppMainBundle/Resources/certs/saml.crt"
                                key_file: "@AppMainBundle/Resources/certs/saml.pem"
                                key_pass: ""
                            meta:
                                name_id_format: transient
            logout:
                path: /logout
                target: /
                invalidate_session: false
jsor commented 10 years ago

I'm having the same problem. Any news on this?

guilhermecvmnsj commented 9 years ago

Same problem

tmilos commented 8 years ago

SLO is wrongfully implemented in this bundle. It's fixed in the new library version which is available in it's own organization at https://github.com/lightSAML, and SLO library in https://github.com/lightSAML/lightSAML-logout is in alpha version. You're welcome to evaluate it and help move it towards stable release.