Open oyvindskj opened 3 years ago
Hey @oyvindskj, could you please provide more details, because I'm not able to reproduce the issue. Thanks.
Hi @duskobogdanovsk. What I see is that when Azure does the callback
POST https://test-data.mydomain.com/acs
which then returns 302 with header location: https://test-data.mydomain.com/user/me, there are 3 response headers like this:
some-value
is equal across the three headers. I looked in the SAML body that was posted, but could not find any .test there. Can it be some misconfiguration of our CKAN?
@oyvindskj, the leading dot means that the cookie is valid for subdomains as well; nevertheless, recent HTTP specifications (RFC 6265) changed this rule, so modern browsers should not care about the leading dot. The dot may be needed by old browsers implementing the deprecated RFC 2109. Could you please verify that after you log out, the ckan and auth_tkt cookies are deleted?
@duskobogdanovski This is described in the initial issue: only one of the two auth_tkt cookies is deleted. Also, the ckan cookie remains. I am using Chrome 93.0.4577.82.
@oyvindskj this is quite peculiar, because the behavior is correct: cookies are set and managed by core CKAN, and you can see that even the tests expect the same behavior: https://github.com/ckan/ckan/blob/0ab924d5ea331625bd61a805f23c68a17f028193/ckan/tests/lib/test_auth_tkt.py. However, it could be a real bug/issue, so it would be great to know which CKAN core version you're running.
2.9.3 is our CKAN version @mbocevski
/api/3/action/status_show gives
{
  "success": true,
  "result": {
    "site_url": "https://test-data.mydomain.com",
    "ckan_version": "2.9.3",
    "error_emails_to": null,
    "locale_default": "nb_NO",
    "extensions": [
      "scheming_datasets", "pages", "dcat", "stats", "text_view", "image_view",
      "recline_view", "recline_graph_view", "recline_grid_view", "recline_map_view",
      "datastore", "datapusher", "resource_proxy", "pdf_view", "hidegroups", "saml2auth"
    ]
  }
}
I removed two extensions we have developed ourselves.
Let me know if there is something I can do to help. I tried with Edge as well: same behaviour.
Describe the bug
Using Azure AD for SSO with CKAN, two auth_tkt cookies are created after login. They are equal, but with different domain:
test-data.mydomain.com
.test-data.mydomain.com
When logging out, only cookie2 is deleted, leaving cookie1 to keep my session towards CKAN alive. If I try to log out again, Azure says I am already logged out and cookie1 remains active.

ckanext-saml2auth version affected
v1.2.1

Expected behaviour
To be logged out of CKAN when I click "Log out"
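The situation in the report and in the leading-dot explanation above, modelled with Python's standard-library cookie jar, which, like browsers, keeps a host-only cookie (no Domain attribute, shown without a dot) and a domain cookie (Domain=..., shown with a leading dot) as two separate entries, so a logout that expires only one of them leaves the other to be sent on the next request. This is an added example, not CKAN or ckanext-saml2auth code; the Set-Cookie headers, the ticket value and the logout path are assumptions, since the issue does not quote them.

```python
# Constructed example: Set-Cookie headers, ticket value and logout path are
# assumptions, not taken from CKAN or ckanext-saml2auth.
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

SITE = "https://test-data.mydomain.com"  # site_url from the issue

class _Response:
    """Minimal response stand-in: CookieJar only calls .info().get_all()."""

    def __init__(self, set_cookie_headers):
        self._headers = Message()
        for header in set_cookie_headers:
            self._headers["Set-Cookie"] = header  # appends; keeps duplicates

    def info(self):
        return self._headers

def apply_response(jar, url, set_cookie_headers):
    """Store the cookies of a response to `url` the way a browser would."""
    jar.extract_cookies(_Response(set_cookie_headers), Request(url))

def stored_cookies(jar):
    """(name, domain) pairs; a host-only cookie is stored without a dot."""
    return sorted((c.name, c.domain) for c in jar)

def cookie_header_for(jar, url):
    """Cookie header a browser would attach to the next request, or None."""
    req = Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")

def simulate(logout_headers):
    """Login sets the ticket twice (host-only and Domain=), then logout sends
    `logout_headers`; returns surviving cookies and the next Cookie header."""
    jar = CookieJar()
    apply_response(jar, SITE + "/acs", [
        "auth_tkt=ticket; Path=/",                                 # host-only
        "auth_tkt=ticket; Path=/; Domain=test-data.mydomain.com",  # ".domain"
    ])
    apply_response(jar, SITE + "/user/logout", logout_headers)  # assumed path
    return stored_cookies(jar), cookie_header_for(jar, SITE + "/dataset")

# Expires only the Domain= variant: the host-only cookie survives and the
# ticket is still sent, which is what the report describes.
BUGGY_LOGOUT = ["auth_tkt=; Path=/; Domain=test-data.mydomain.com; Max-Age=0"]
# Expires both variants, each with the attributes it was originally set with.
FIXED_LOGOUT = BUGGY_LOGOUT + ["auth_tkt=; Path=/; Max-Age=0"]
```

Running simulate(BUGGY_LOGOUT) leaves the host-only auth_tkt in place and a Cookie header on the next request; simulate(FIXED_LOGOUT) leaves nothing, so a logout handler must expire every variant it set.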