Open d--j opened 8 months ago
Thanks for the detailed and concise issue. This seems like a good thing to document like you recommended so thanks for sharing. I’m going to do some validation and update things here.
Hey @d--j,
I'm actually not able to replicate this. Do I have this configured right to replicate what you're seeing?
Here is my config/app.php:
```php
<?php

use craft\helpers\App;

return [
    'components' => [
        // Build the session component from Craft's defaults and override
        // only the SameSite attribute of the session cookie.
        'session' => function() {
            $config = craft\helpers\App::sessionConfig();
            $config['cookieParams']['sameSite'] = 'None';
            return Craft::createObject($config);
        },
    ],
    'id' => App::env('CRAFT_APP_ID') ?: 'CraftCMS',
];
```
SLO is working for me as expected.
Also, I added a Twig helper for the logout URL. See some docs here: https://saml-sp.flipboxfactory.com/configure/logout.html#twig-logout-url-extension
If one sets `sameSiteCookieValue` to anything other than `None` (including `null`, the default, in modern browsers; see web.dev) SLO logout does not work. Since the logout uses the session to store the SAML message ID, the SLO response will fail at this line: https://github.com/flipboxfactory/saml-core/blob/d97a39bb23ef0b910b78c7f7463fb5e5b11164e9/src/controllers/messages/AbstractLogoutController.php#L73 . The SAML response will come from an external request, so the session cookie will not be available for this action.
You might want to add this information to the documentation.
I only changed the session cookie `sameSite` via config/app.web.php: