Open alexanderzobnin opened 1 year ago
@alexanderzobnin, is it because of this that the trivial example http://localhost:8000/logout
endpoint ends up redirecting to http://localhost:8000/saml/slo
and returning a 404
?
@rgl not sure, error here is happening during logout response processing, so it should not end up with 404, but with error ("Authentication failed").
When single logout is enabled, SP fails to perform logout with error
Authentication failed
. I tried to debug and found that error is happening inValidateLogoutResponseRedirect()
. It returns errors likeinvalid character entity &d (no semicolon)
orinvalid UTF-8
. After some investigation, I've found that it's related to compressed response. Error happens here:https://github.com/crewjam/saml/blob/2aeb2efd8c405fb7b40aa75b591b0828ef552670/service_provider.go#L1538
rawResponseBuf
contains compressed bytes and should be deflate first. In previous versions it was correct:https://github.com/crewjam/saml/blob/5e0ffd290abf0be7dfd4f8279e03a963071544eb/service_provider.go#L1561
where
gr
is deflated string:https://github.com/crewjam/saml/blob/5e0ffd290abf0be7dfd4f8279e03a963071544eb/service_provider.go#L1538
So I think the fix is pretty straightforward.