catalyst / moodle-auth_saml2

SAML done 100% in Moodle, fast, simple, secure
https://moodle.org/plugins/auth_saml2

WIP [#769]: comment out SPNameQualifier from SimpleSAML lib for testing #770

Closed brendanheywood closed 10 months ago

brendanheywood commented 10 months ago

Closes #769

jwalits commented 10 months ago

Tried 3 different scenarios as discussed

a) Update authsources to convert NameIdPolicy to an array

[image: 2023-09-06_16-59]

This made no difference to the logout request - SPNameQualifier was still getting passed and couldn't log out of Moodle.

b) Change nameid to transient

[image: nameidtransient]

This caused the following error when trying to log in from Moodle

[image: nameidtransient_error]

c) Set "Expose NameID as attribute" setting to No. Redirects to IdP correctly, but after successful login at IdP level, it fails to log in to Moodle

[image: 2023-09-06_17-07]

However, when "Logout" is clicked above, the SPNameQualifier attribute is not sent and logout from IdP is successful

jwalits commented 10 months ago

Probably no need for this PR now, as we've found a way to avoid doing this by choosing "No" for the "Expose NameID as attribute" option and passing email address as a regular field in the SAML response from the IdP.