SLO RelayState is set to user/logout

[cagedartist]

Currently, when user hits /user/logout and SLO is enabled, the module redirects to the IdP with a SAML LogoutRequest. RelayState is set to /user/logout. Later, if this RelayState is used, /user/logout may be requested again. The second time, the user has no local session. What happens next depends on how Drupal is configured. In our case, it's something truly stupid. (Because /user/logout requires authentication, we issue an AuthnRequest to the IdP.) Anyhow, the trouble begins with the LogoutRequest. RelayState should never be /user/logout.

I have an example SSO trace using Drupal and Moodle with Onelogin, if you'd like to see it.

[pitbulk]

I will review that :)

[pitbulk]

Can you set at the onelogin_saml functions, the onelogin_saml_sls method as:

function onelogin_saml_sls() {
  $auth = initialize_saml();

  $auth->processSLO();
  if (empty($auth->getErrors())) {
      setcookie('drupal_saml_login', 0, time() + 360000);
      session_destroy();
  }
  else {
    drupal_set_message("SLS endpoint found an error.".$auth->getLastErrorReason(), 'error', FALSE);
  }

  if (isset($_GET ['destination']) && strpos($_GET ['destination'], 'user/logout') !== FALSE) {
    unset($_GET ['destination']);
  }
  drupal_goto('');
}

And say to me if that solved the problem. If not, please provide to me the SSO trace in order to see what going on since in my Drupal instance all is working as expected.

[cagedartist]

No difference. Initial SLO request has RelayState of user/logout. Also: As I recall, RelayState should not be a full url (as it is, here).

On May 28, 2015, at 5:35 AM, Sixto Martin notifications@github.com wrote:

Can you set at the onelogin_saml functions, the onelogin_saml_sls method as:

function onelogin_saml_sls() { $auth = initialize_saml();

$auth->processSLO(); if (empty($auth->getErrors())) { setcookie('drupal_saml_login', 0, time() + 360000); session_destroy(); } else { drupal_set_message("SLS endpoint found an error.".$auth->getLastErrorReason(), 'error', FALSE); }

if (isset($_GET ['destination']) && strpos($_GET ['destination'], 'user/logout') !== FALSE) { unset($_GET ['destination']); } drupal_goto(''); } And say to me if that solved the problem. If not, please provide to me the SSO trace in order to see what going on.

— Reply to this email directly or view it on GitHub https://github.com/onelogin/drupal-saml/issues/20#issuecomment-106248190.

+++++++++++++++++++++++++++++ GET https://berkleedev.prod.acquia-sites.com/user/logout HTTP/1.1 Host: berkleedev.prod.acquia-sites.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://berkleedev.prod.acquia-sites.com/dashboard Cookie: SESS57cec447ba9c1ba34b646bb4944a795c=P8IJPQL9Ja8Wz-q53tfQxUEZXRFZVQN3IgW6deq4-6I; SSESS57cec447ba9c1ba34b646bb4944a795c=kY9XJ-rH3iLtNaM3r5HTHOZ2KNdXRO3R9Ivb4phSMJs; has_js=1; atuvc=1%7C21; atuvs=556724f4da93db74000

HTTP/?.? 302 Moved Temporarily Server: nginx Date: Thu, 28 May 2015 14:24:17 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Expires: Sun, 19 Nov 1978 05:00:00 GMT Last-Modified: Thu, 28 May 2015 14:24:17 GMT Etag: "1432823057" Set-Cookie: SSESS57cec447ba9c1ba34b646bb4944a795c=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.berkleedev.prod.acquia-sites.com; secure; httponly SESS57cec447ba9c1ba34b646bb4944a795c=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.berkleedev.prod.acquia-sites.com; httponly Pragma: no-cache Cache-Control: no-cache, must-revalidate Location: https://bcm-test.onelogin.com/trust/saml2/http-redirect/slo/450341?SAMLRequest=fVLLasMwELznK4LujvxOKmJDIW0xpEnblB56KRt7nQhsyZXW0P59%2FUggzSE6SbMzw8yipYW6asRaH3RLb%2FjdoqXJtDs%2FdaWsGKYJa40SGqy0QkGNVlAudvfPa%2BHPXNEYTTrXFbuS3VaBtWhIajXKslXCtpuH9fYp23zFbrzw94DFPEZv7xXzsHQB8gDcRYSlV5RxEAaY343SDzS280lYZ3sys7bFTFkCRR3sepHjRo6%2FePdC4YfCm3%2BOvFXXVSqgQX0kaqzgfJ%2FXDnWDmVZY6YNUs1zXnExrife1fN4zHYOFNJh3WKV5GLlB6LF0cF32LDFkMGlzbJz%2BveSX6AVv020mW013L%2F3ltYVKlhJNws5CNn3Upga6vc0ekYVTDlSBiiT9svRcCZrmf5vemNdIUADBKf0p4ZhnTDgZsavfkf4B&RelayState=https%3A%2F%2Fberkleedev.prod.acquia-sites.com%2Fuser%2Flogout X-Request-ID: 29e58f29-0ae7-4b14-bdc1-2bcb6eaaa40c X-AH-Environment: dev Vary: Accept-Encoding Content-Encoding: gzip

+++++++++++++++++++++++++++++ GET https://bcm-test.onelogin.com/trust/saml2/http-redirect/slo/450341?SAMLRequest=fVLLasMwELznK4LujvxOKmJDIW0xpEnblB56KRt7nQhsyZXW0P59%2FUggzSE6SbMzw8yipYW6asRaH3RLb%2FjdoqXJtDs%2FdaWsGKYJa40SGqy0QkGNVlAudvfPa%2BHPXNEYTTrXFbuS3VaBtWhIajXKslXCtpuH9fYp23zFbrzw94DFPEZv7xXzsHQB8gDcRYSlV5RxEAaY343SDzS280lYZ3sys7bFTFkCRR3sepHjRo6%2FePdC4YfCm3%2BOvFXXVSqgQX0kaqzgfJ%2FXDnWDmVZY6YNUs1zXnExrife1fN4zHYOFNJh3WKV5GLlB6LF0cF32LDFkMGlzbJz%2BveSX6AVv020mW013L%2F3ltYVKlhJNws5CNn3Upga6vc0ekYVTDlSBiiT9svRcCZrmf5vemNdIUADBKf0p4ZhnTDgZsavfkf4B&RelayState=https%3A%2F%2Fberkleedev.prod.acquia-sites.com%2Fuser%2Flogout HTTP/1.1 GET Parameters: SAMLRequest: fVLLasMwELznK4LujvxOKmJDIW0xpEnblB56KRt7nQhsyZXW0P59/UggzSE6SbMzw8yipYW6asRaH3RLb/jdoqXJtDs/daWsGKYJa40SGqy0QkGNVlAudvfPa+HPXNEYTTrXFbuS3VaBtWhIajXKslXCtpuH9fYp23zFbrzw94DFPEZv7xXzsHQB8gDcRYSlV5RxEAaY343SDzS280lYZ3sys7bFTFkCRR3sepHjRo6/ePdC4YfCm3+OvFXXVSqgQX0kaqzgfJ/XDnWDmVZY6YNUs1zXnExrife1fN4zHYOFNJh3WKV5GLlB6LF0cF32LDFkMGlzbJz+veSX6AVv020mW013L/3ltYVKlhJNws5CNn3Upga6vc0ekYVTDlSBiiT9svRcCZrmf5vemNdIUADBKf0p4ZhnTDgZsavfkf4B RelayState: https://berkleedev.prod.acquia-sites.com/user/logout Host: bcm-test.onelogin.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://berkleedev.prod.acquia-sites.com/dashboard Cookie: onelogin.com_user=618f12e32fe9c0d453252b078d47fe9ef4eff7b0; session_onelogin.com=BAh7DzoQX2NzcmZfdG9rZW4iMTVsbUFhR295WUZvSm9XQmtUL2xSc0ZnUEVzN2RHbE9qUmJZQWY5ZnpCLzQ9IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewY6CmVycm9yMAY6CkB1c2VkewY7B0Y6D3Nlc3Npb25faWQiJWM3NWZlNTU1N2RjN2Q5ZDI1YjUxMDkzZTM1Njc4MGFhOhVzYW1sX3NlcnZpY2VfaWRzWwdpBC6PCANpBHOp2AI6F3NlcnZpY2VzX2xpc3RfaGFzaGkEgkoSAToJdXNlcmkD8V%2ByOhRzYW1sX3Nlc3Npb25faWQiKTAwOWY1YjcwLWU3NzMtMDEzMi0yY2M5LTM4Y2EzYTY2MmYxYzoRbGFzdF9yZXF1ZXN0SXU6CVRpbWUNjtMcgLgcg18GOh9AbWFyc2hhbF93aXRoX3V0Y19jb2VyY2lvbkY6DXBhc3N3b3JkIhVPRVG5n0%2B3Bi8eMI3VoPPLOg9jcmVhdGVkX2F0SXU7Dw2O0xyA9%2Bz0XAY7EEY%3D--474d73da315bfac8e06a01da4f45e2d42a5e30ad; mp_048042ab90b4da88678a8455aaae0868_mixpanel=%7B%22distinct_id%22%3A%20%2247621%22%2C%22company%22%3A%20%22Berklee%20College%20of%20Music%20(test)%22%2C%22otp_required%22%3A%20%22false%22%2C%22%24initial_referrer%22%3A%20%22https%3A%2F%2Fbcm-test.onelogin.com%2Flogin%22%2C%22%24initial_referring_domain%22%3A%20%22bcm-test.onelogin.com%22%7D; _ga=GA1.2.2054206825.1432823002; _gat=1; _gat_rollupTracker=1 SAML: <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_60682baed76e1b1d74f0aac3a085ef1df6343ec9" Version="2.0" IssueInstant="2015-05-28T14:24:17Z" Destination="https://bcm-test.onelogin.com/trust/saml2/http-redirect/slo/450341"

saml:Issuerphp-saml/saml:Issuer <saml:NameID SPNameQualifier="php-saml" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" https://app.onelogin.com/saml/metadata/450341/saml:NameID /samlp:LogoutRequest

HTTP/?.? 302 Found Server: nginx/1.4.4 Date: Thu, 28 May 2015 14:24:17 GMT Content-Type: text/html; charset=utf-8 Content-Length: 539 Connection: keep-alive Status: 302 Found Cache-Control: no-cache Location: http://ec2-54-148-246-23.us-west-2.compute.amazonaws.com/auth/onelogin_saml/index.php?logout=1&SAMLRequest=nZE9T8QwDIb%2FSrdMaZP06xS1FUi3VDoYALEip5hS0SaldhE%2Fn97HcGJgYLTs%0A93ksuyKYxtkeQh9WfsDPFYmjlmjF1hOD51oYpXOpcml2TzqzJrO6FNEzLjQE%0Av3VjJaJ2X4sXk7tCw5uSWJapVDo1snAOZLrrIIUiR5dlIvqeRk%2F2ZK3Fungb%0AgAayHiYky519vL072A1q5yVw6MIomuo4bU9LLVf5v%2BNAhAtvK4rmnXkmmyQw%0Az3HwOIZ%2B8HEXpuRISSZkeAWGJNOqMKZKrmwX9f1Gb%2Ff%2FUbsJx6%2FB6xuHy8eI%0AKLeb9hh75IvnjG7O1a8%2FND8%3D%0A X-Frame-Options: DENY p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Set-Cookie: session_onelogin.com=BAh7EjoQX2NzcmZfdG9rZW4iMTVsbUFhR295WUZvSm9XQmtUL2xSc0ZnUEVzN2RHbE9qUmJZQWY5ZnpCLzQ9OhNpbl9yZXNwb25zZV90byI2T05FTE9HSU5fNjA2ODJiYWVkNzZlMWIxZDc0ZjBhYWMzYTA4NWVmMWRmNjM0M2VjOToPc2Vzc2lvbl9pZCIlYzc1ZmU1NTU3ZGM3ZDlkMjViNTEwOTNlMzU2NzgwYWEiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7BjoKZXJyb3IwBjoKQHVzZWR7BjsJRjoVc2FtbF9zZXJ2aWNlX2lkc1sAOhdzZXJ2aWNlc19saXN0X2hhc2hpBIJKEgE6CXVzZXJpA%2FFfsjoPUmVsYXlTdGF0ZSI5aHR0cHM6Ly9iZXJrbGVlZGV2LnByb2QuYWNxdWlhLXNpdGVzLmNvbS91c2VyL2xvZ291dDoUc2FtbF9zZXNzaW9uX2lkIikwMDlmNWI3MC1lNzczLTAxMzItMmNjOS0zOGNhM2E2NjJmMWM6G3Nsb19pbml0aWF0b3JfbG9naW5faWRpBC6PCAM6DXBhc3N3b3JkIhVPRVG5n0%2B3Bi8eMI3VoPPLOhFsYXN0X3JlcXVlc3RJdToJVGltZQ2O0xyAuByDXwY6H0BtYXJzaGFsX3dpdGhfdXRjX2NvZXJjaW9uRjoPY3JlYXRlZF9hdEl1OxMNjtMcgPfs9FwGOxRG--a820f8f944028b640c594fce048bda5c1c255fc8; domain=.onelogin.com; path=/; secure; HttpOnly

+++++++++++++++++++++++++++++ GET http://ec2-54-148-246-23.us-west-2.compute.amazonaws.com/auth/onelogin_saml/index.php?logout=1&SAMLRequest=nZE9T8QwDIb%2FSrdMaZP06xS1FUi3VDoYALEip5hS0SaldhE%2Fn97HcGJgYLTs%0A93ksuyKYxtkeQh9WfsDPFYmjlmjF1hOD51oYpXOpcml2TzqzJrO6FNEzLjQE%0Av3VjJaJ2X4sXk7tCw5uSWJapVDo1snAOZLrrIIUiR5dlIvqeRk%2F2ZK3Fungb%0AgAayHiYky519vL072A1q5yVw6MIomuo4bU9LLVf5v%2BNAhAtvK4rmnXkmmyQw%0Az3HwOIZ%2B8HEXpuRISSZkeAWGJNOqMKZKrmwX9f1Gb%2Ff%2FUbsJx6%2FB6xuHy8eI%0AKLeb9hh75IvnjG7O1a8%2FND8%3D%0A HTTP/1.1 GET Parameters: logout: 1 SAMLRequest: nZE9T8QwDIb/SrdMaZP06xS1FUi3VDoYALEip5hS0SaldhE/n97HcGJgYLTs 93ksuyKYxtkeQh9WfsDPFYmjlmjF1hOD51oYpXOpcml2TzqzJrO6FNEzLjQE v3VjJaJ2X4sXk7tCw5uSWJapVDo1snAOZLrrIIUiR5dlIvqeRk/2ZK3Fungb gAayHiYky519vL072A1q5yVw6MIomuo4bU9LLVf5v+NAhAtvK4rmnXkmmyQw z3HwOIZ+8HEXpuRISSZkeAWGJNOqMKZKrmwX9f1Gb/f/UbsJx6/B6xuHy8eI KLeb9hh75IvnjG7O1a8/ND8=

Host: ec2-54-148-246-23.us-west-2.compute.amazonaws.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: MoodleSession=bmq1d02bqi1vf8kubv19495134

HTTP/?.? 302 Moved Temporarily Date: Thu, 28 May 2015 14:30:32 GMT Server: Apache X-Powered-By: PHP/5.4.32 Expires: Thu, 19 Nov 1981 08:52:00 GMT Pragma: no-cache Cache-Control: no-cache, must-revalidate Set-Cookie: MoodleSession=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ X-Frame-Options: SAMEORIGIN Location: https://bcm-test.onelogin.com/trust/saml2/http-redirect/slo/410622?SAMLResponse=fZLLasMwEEX3%2FQrjvaKHX6mIDaUpJZAm0IQsugmyPEkMtmQ8MvTza5umbaiJdrpzde5IowWqumrk2p5t594BG2sQvM%2B6MijHUup3rZFWYYnSqBpQOi13T29rKWZMNq11VtvKf%2FD%2BrV%2FIfYZChNaV1kxBVsvU325e1tvX1eZ4ClQh%2BLwIteJxXKgoEmHEYqaLEBKdcH1SPHnkyRToAC32GanfR04GIXawMuiUcb2J8YiwiIj5nocyYDIQH1OnloCuNMqN5ItzDUpKc10T1xdm1kBlz6WZaVtT13bo6PAcgg5O0kJRtqB7rbI05CwWYrIxcx3L3qb%2BUUR5zNWJEUiSgDAeCBLnuSLBXKtAxRHkYTiFyUZtMeTL8a5tVltbVECaS0MGeUH%2FFn%2Ftjdw55TrMfqg38rMtwDuoqoP7Y8bRLXed1oDoe%2FQ7gt5mXPe3PzL7Ag%3D%3D Content-Length: 0 Keep-Alive: timeout=2, max=100 Connection: Keep-Alive Content-Type: text/html

+++++++++++++++++++++++++++++ GET https://bcm-test.onelogin.com/trust/saml2/http-redirect/slo/410622?SAMLResponse=fZLLasMwEEX3%2FQrjvaKHX6mIDaUpJZAm0IQsugmyPEkMtmQ8MvTza5umbaiJdrpzde5IowWqumrk2p5t594BG2sQvM%2B6MijHUup3rZFWYYnSqBpQOi13T29rKWZMNq11VtvKf%2FD%2BrV%2FIfYZChNaV1kxBVsvU325e1tvX1eZ4ClQh%2BLwIteJxXKgoEmHEYqaLEBKdcH1SPHnkyRToAC32GanfR04GIXawMuiUcb2J8YiwiIj5nocyYDIQH1OnloCuNMqN5ItzDUpKc10T1xdm1kBlz6WZaVtT13bo6PAcgg5O0kJRtqB7rbI05CwWYrIxcx3L3qb%2BUUR5zNWJEUiSgDAeCBLnuSLBXKtAxRHkYTiFyUZtMeTL8a5tVltbVECaS0MGeUH%2FFn%2Ftjdw55TrMfqg38rMtwDuoqoP7Y8bRLXed1oDoe%2FQ7gt5mXPe3PzL7Ag%3D%3D HTTP/1.1 GET Parameters: SAMLResponse: fZLLasMwEEX3/QrjvaKHX6mIDaUpJZAm0IQsugmyPEkMtmQ8MvTza5umbaiJdrpzde5IowWqumrk2p5t594BG2sQvM+6MijHUup3rZFWYYnSqBpQOi13T29rKWZMNq11VtvKf/D+rV/IfYZChNaV1kxBVsvU325e1tvX1eZ4ClQh+LwIteJxXKgoEmHEYqaLEBKdcH1SPHnkyRToAC32GanfR04GIXawMuiUcb2J8YiwiIj5nocyYDIQH1OnloCuNMqN5ItzDUpKc10T1xdm1kBlz6WZaVtT13bo6PAcgg5O0kJRtqB7rbI05CwWYrIxcx3L3qb+UUR5zNWJEUiSgDAeCBLnuSLBXKtAxRHkYTiFyUZtMeTL8a5tVltbVECaS0MGeUH/Fn/tjdw55TrMfqg38rMtwDuoqoP7Y8bRLXed1oDoe/Q7gt5mXPe3PzL7Ag== Host: bcm-test.onelogin.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: onelogin.com_user=618f12e32fe9c0d453252b078d47fe9ef4eff7b0; session_onelogin.com=BAh7EjoQX2NzcmZfdG9rZW4iMTVsbUFhR295WUZvSm9XQmtUL2xSc0ZnUEVzN2RHbE9qUmJZQWY5ZnpCLzQ9OhNpbl9yZXNwb25zZV90byI2T05FTE9HSU5fNjA2ODJiYWVkNzZlMWIxZDc0ZjBhYWMzYTA4NWVmMWRmNjM0M2VjOToPc2Vzc2lvbl9pZCIlYzc1ZmU1NTU3ZGM3ZDlkMjViNTEwOTNlMzU2NzgwYWEiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7BjoKZXJyb3IwBjoKQHVzZWR7BjsJRjoVc2FtbF9zZXJ2aWNlX2lkc1sAOhdzZXJ2aWNlc19saXN0X2hhc2hpBIJKEgE6CXVzZXJpA%2FFfsjoPUmVsYXlTdGF0ZSI5aHR0cHM6Ly9iZXJrbGVlZGV2LnByb2QuYWNxdWlhLXNpdGVzLmNvbS91c2VyL2xvZ291dDoUc2FtbF9zZXNzaW9uX2lkIikwMDlmNWI3MC1lNzczLTAxMzItMmNjOS0zOGNhM2E2NjJmMWM6G3Nsb19pbml0aWF0b3JfbG9naW5faWRpBC6PCAM6DXBhc3N3b3JkIhVPRVG5n0%2B3Bi8eMI3VoPPLOhFsYXN0X3JlcXVlc3RJdToJVGltZQ2O0xyAuByDXwY6H0BtYXJzaGFsX3dpdGhfdXRjX2NvZXJjaW9uRjoPY3JlYXRlZF9hdEl1OxMNjtMcgPfs9FwGOxRG--a820f8f944028b640c594fce048bda5c1c255fc8; mp_048042ab90b4da88678a8455aaae0868_mixpanel=%7B%22distinct_id%22%3A%20%2247621%22%2C%22company%22%3A%20%22Berklee%20College%20of%20Music%20(test)%22%2C%22otp_required%22%3A%20%22false%22%2C%22%24initial_referrer%22%3A%20%22https%3A%2F%2Fbcm-test.onelogin.com%2Flogin%22%2C%22%24initial_referring_domain%22%3A%20%22bcm-test.onelogin.com%22%7D; _ga=GA1.2.2054206825.1432823002; _gat=1; _gat_rollupTracker=1 SAML: <samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_f3ad218d4ca166da55245060cd4e7c71cfa17917" Version="2.0" IssueInstant="2015-05-28T14:30:32Z" Destination="https://bcm-test.onelogin.com/trust/saml2/http-redirect/slo/410622" InResponseTo="_25b61af0-e773-0132-6bba-38ca3a65eb44"

saml:Issuermoodle-php-saml/saml:Issuer samlp:Status

/samlp:Status /samlp:LogoutResponse

HTTP/?.? 302 Found Server: nginx/1.4.4 Date: Thu, 28 May 2015 14:24:17 GMT Content-Type: text/html; charset=utf-8 Content-Length: 746 Connection: keep-alive Status: 302 Found Cache-Control: no-cache Location: http://ec2-54-148-246-23.us-west-2.compute.amazonaws.com/auth/onelogin_saml/index.php?logout=1&SAMLResponse=fZLLasMwEEV%2FRTutHEt%2BpiIJlLYUQx7QhGzDWB67BlsyHrm0f18naUvcRZYz%0Ao7nnXjQLgrbp1NpWdnBvSJ01hCwjGjAz5MC4JQ%2BEjD0Re8H8ICMVREqmnB2x%0Ap9qacToTnGXPS34KYoxzKYSHaRp6QoaBl%2BS59sK5hhCSGPMo4uyzbQypC3bJ%0Ah94oC1STMtAiKafV%2FnGzVqOo6nrrrLbNqG5%2BnR3sku%2B2L%2Bvda7Y9JSKZBzlg%0AkSYoc1mkUSkAdAhiHmMpizIJoxD1A18tzjh1SdXfGLjPByLs3ZiRr96d60j5%0APnTdzBpsbFWbmbatf1bxW3RQgAM%2FkiIJgoV%2FQ7uiO7V34AaaVk%2B2QHaEZsD7%0ARujyWu0HrZGI%2B1OVzdiDClc%2F43Jomi82OqywYOOfsrK3LRuTfNQa2dXb%2F9Vp%0A96%2BcHsXqGw%3D%3D%0A&RelayState=https%3A%2F%2Fberkleedev.prod.acquia-sites.com%2Fuser%2Flogout X-Frame-Options: DENY p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Set-Cookie: session_onelogin.com=BAh7BjoPc2Vzc2lvbl9pZCIlZGY0ZmUzMTI3MDI2ZjhlOTZjNjVmYjg1YTVkNmU2ZTI%3D--b716b057948de388514dfdcebfe6ecb357ed6320; domain=.onelogin.com; path=/; secure; HttpOnly

+++++++++++++++++++++++++++++ GET http://ec2-54-148-246-23.us-west-2.compute.amazonaws.com/auth/onelogin_saml/index.php?logout=1&SAMLResponse=fZLLasMwEEV%2FRTutHEt%2BpiIJlLYUQx7QhGzDWB67BlsyHrm0f18naUvcRZYz%0Ao7nnXjQLgrbp1NpWdnBvSJ01hCwjGjAz5MC4JQ%2BEjD0Re8H8ICMVREqmnB2x%0Ap9qacToTnGXPS34KYoxzKYSHaRp6QoaBl%2BS59sK5hhCSGPMo4uyzbQypC3bJ%0Ah94oC1STMtAiKafV%2FnGzVqOo6nrrrLbNqG5%2BnR3sku%2B2L%2Bvda7Y9JSKZBzlg%0AkSYoc1mkUSkAdAhiHmMpizIJoxD1A18tzjh1SdXfGLjPByLs3ZiRr96d60j5%0APnTdzBpsbFWbmbatf1bxW3RQgAM%2FkiIJgoV%2FQ7uiO7V34AaaVk%2B2QHaEZsD7%0ARujyWu0HrZGI%2B1OVzdiDClc%2F43Jomi82OqywYOOfsrK3LRuTfNQa2dXb%2F9Vp%0A96%2BcHsXqGw%3D%3D%0A&RelayState=https%3A%2F%2Fberkleedev.prod.acquia-sites.com%2Fuser%2Flogout HTTP/1.1 GET Parameters: logout: 1 SAMLResponse: fZLLasMwEEV/RTutHEt+piIJlLYUQx7QhGzDWB67BlsyHrm0f18naUvcRZYz o7nnXjQLgrbp1NpWdnBvSJ01hCwjGjAz5MC4JQ+EjD0Re8H8ICMVREqmnB2x p9qacToTnGXPS34KYoxzKYSHaRp6QoaBl+S59sK5hhCSGPMo4uyzbQypC3bJ h94oC1STMtAiKafV/nGzVqOo6nrrrLbNqG5+nR3sku+2L+vda7Y9JSKZBzlg kSYoc1mkUSkAdAhiHmMpizIJoxD1A18tzjh1SdXfGLjPByLs3ZiRr96d60j5 PnTdzBpsbFWbmbatf1bxW3RQgAM/kiIJgoV/Q7uiO7V34AaaVk+2QHaEZsD7 RujyWu0HrZGI+1OVzdiDClc/43Jomi82OqywYOOfsrK3LRuTfNQa2dXb/9Vp 96+cHsXqGw==

RelayState: https://berkleedev.prod.acquia-sites.com/user/logout

Host: ec2-54-148-246-23.us-west-2.compute.amazonaws.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate

HTTP/?.? 302 Moved Temporarily Date: Thu, 28 May 2015 14:30:32 GMT Server: Apache X-Powered-By: PHP/5.4.32 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: MoodleSession=u1uh75akaddbfemh3cne80vud6; path=/ X-Frame-Options: SAMEORIGIN Location: https://berkleedev.prod.acquia-sites.com/user/logout Content-Length: 0 Keep-Alive: timeout=2, max=99 Connection: Keep-Alive Content-Type: text/html

+++++++++++++++++++++++++++++ GET https://berkleedev.prod.acquia-sites.com/user/logout HTTP/1.1 Host: berkleedev.prod.acquia-sites.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: has_js=1; atuvc=1%7C21; atuvs=556724f4da93db74000

HTTP/?.? 302 Moved Temporarily Server: nginx Date: Thu, 28 May 2015 14:24:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive X-Drupal-Cache: MISS Expires: Sun, 19 Nov 1978 05:00:00 GMT Last-Modified: Thu, 28 May 2015 14:24:18 GMT Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0 Etag: "1432823058" Content-Language: en Location: https://berkleedev.prod.acquia-sites.com/onelogin_saml/sso?destination=user/logout X-Request-ID: 7ea5a9b7-df51-404e-a1c3-b8728b66c097 X-AH-Environment: dev Vary: Accept-Encoding Content-Encoding: gzip

+++++++++++++++++++++++++++++ GET https://berkleedev.prod.acquia-sites.com/onelogin_saml/sso?destination=user/logout HTTP/1.1 GET Parameters: destination: user/logout Host: berkleedev.prod.acquia-sites.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: has_js=1; atuvc=1%7C21; atuvs=556724f4da93db74000

HTTP/?.? 302 Moved Temporarily Server: nginx Date: Thu, 28 May 2015 14:24:18 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive X-Drupal-Cache: MISS Expires: Sun, 19 Nov 1978 05:00:00 GMT Last-Modified: Thu, 28 May 2015 14:24:18 GMT Etag: "1432823058" Pragma: no-cache Cache-Control: no-cache, must-revalidate Location: https://bcm-test.onelogin.com/trust/saml2/http-post/sso/450341?SAMLRequest=fVNNj9owEL3zK1Du%2BQ4lawFSCv1AohBB2kMvK8eZXaw6dtbj7NJ%2FXyeBLq128SXyzLznN28mM6S1aEjWmqPcw1MLaEZje061kEj65NxptSSKIkciaQ1IDCOH7NuGRF5AGq2MYko4%2F8FuoygiaMOVHGDr1dzZbT9tdl%2FW2%2FswKlkZx2k8Del0EicfaAxpHJRhnJbplN5VQIPqLmUD9AdotDxzx9I6o4ENsYW1REOlsfEgnLjBxI3SIkxIlJAw%2FTlAV7ZZLqnp4UdjGiS%2BX7LaNTbhKQlCPXLpMVX7Rrdo%2FK6vyO8q3UZ1d1R%2BMgniJBwI87MXH7msuHy8bUE5FCH5WhS5m%2B8OxUCSXaxZKoltDfoA%2Bpkz%2BL7fXKkE%2FUsAVPDs2QFUHmVPLacuciu9F3xRf99p9ilDZ9Gzz7o76R3Si%2BbYuN195l9HX%2BsasrWy16tcCc5%2B9%2FHufFa6pub97kIv7CO8ch%2F6UgI15SKrKg2Izl%2BeTAj1stRADcwd6zA4Y%2F%2Bf188LCVW%2FntYPAyczXqq6oZpjNzU4UWbOrb22d12%2BFHbX9vCwuLmOjLCuzoZz%2B3lRuupmCcy%2BXWgqsVHanF16k3xQ7d%2BQvRhd0tf%2F2uIP&RelayState=user%2Flogout X-Request-ID: 910ce31e-f074-42a0-a4d2-154519680676 X-AH-Environment: dev Vary: Accept-Encoding Content-Encoding: gzip

+++++++++++++++++++++++++++++ GET https://bcm-test.onelogin.com/trust/saml2/http-post/sso/450341?SAMLRequest=fVNNj9owEL3zK1Du%2BQ4lawFSCv1AohBB2kMvK8eZXaw6dtbj7NJ%2FXyeBLq128SXyzLznN28mM6S1aEjWmqPcw1MLaEZje061kEj65NxptSSKIkciaQ1IDCOH7NuGRF5AGq2MYko4%2F8FuoygiaMOVHGDr1dzZbT9tdl%2FW2%2FswKlkZx2k8Del0EicfaAxpHJRhnJbplN5VQIPqLmUD9AdotDxzx9I6o4ENsYW1REOlsfEgnLjBxI3SIkxIlJAw%2FTlAV7ZZLqnp4UdjGiS%2BX7LaNTbhKQlCPXLpMVX7Rrdo%2FK6vyO8q3UZ1d1R%2BMgniJBwI87MXH7msuHy8bUE5FCH5WhS5m%2B8OxUCSXaxZKoltDfoA%2Bpkz%2BL7fXKkE%2FUsAVPDs2QFUHmVPLacuciu9F3xRf99p9ilDZ9Gzz7o76R3Si%2BbYuN195l9HX%2BsasrWy16tcCc5%2B9%2FHufFa6pub97kIv7CO8ch%2F6UgI15SKrKg2Izl%2BeTAj1stRADcwd6zA4Y%2F%2Bf188LCVW%2FntYPAyczXqq6oZpjNzU4UWbOrb22d12%2BFHbX9vCwuLmOjLCuzoZz%2B3lRuupmCcy%2BXWgqsVHanF16k3xQ7d%2BQvRhd0tf%2F2uIP&RelayState=user%2Flogout HTTP/1.1 GET Parameters: SAMLRequest: fVNNj9owEL3zK1Du+Q4lawFSCv1AohBB2kMvK8eZXaw6dtbj7NJ/XyeBLq128SXyzLznN28mM6S1aEjWmqPcw1MLaEZje061kEj65NxptSSKIkciaQ1IDCOH7NuGRF5AGq2MYko4/8FuoygiaMOVHGDr1dzZbT9tdl/W2/swKlkZx2k8Del0EicfaAxpHJRhnJbplN5VQIPqLmUD9AdotDxzx9I6o4ENsYW1REOlsfEgnLjBxI3SIkxIlJAw/TlAV7ZZLqnp4UdjGiS+X7LaNTbhKQlCPXLpMVX7Rrdo/K6vyO8q3UZ1d1R+MgniJBwI87MXH7msuHy8bUE5FCH5WhS5m+8OxUCSXaxZKoltDfoA+pkz+L7fXKkE/UsAVPDs2QFUHmVPLacuciu9F3xRf99p9ilDZ9Gzz7o76R3Si+bYuN195l9HX+sasrWy16tcCc5+9/HufFa6pub97kIv7CO8ch/6UgI15SKrKg2Izl+eTAj1stRADcwd6zA4Y/+f188LCVW/ntYPAyczXqq6oZpjNzU4UWbOrb22d12+FHbX9vCwuLmOjLCuzoZz+3lRuupmCcy+XWgqsVHanF16k3xQ7d+QvRhd0tf/2uIP RelayState: user/logout Host: bcm-test.onelogin.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: onelogin.com_user=618f12e32fe9c0d453252b078d47fe9ef4eff7b0; session_onelogin.com=BAh7BjoPc2Vzc2lvbl9pZCIlZGY0ZmUzMTI3MDI2ZjhlOTZjNjVmYjg1YTVkNmU2ZTI%3D--b716b057948de388514dfdcebfe6ecb357ed6320; mp_048042ab90b4da88678a8455aaae0868_mixpanel=%7B%22distinct_id%22%3A%20%2247621%22%2C%22company%22%3A%20%22Berklee%20College%20of%20Music%20(test)%22%2C%22otp_required%22%3A%20%22false%22%2C%22%24initial_referrer%22%3A%20%22https%3A%2F%2Fbcm-test.onelogin.com%2Flogin%22%2C%22%24initial_referring_domain%22%3A%20%22bcm-test.onelogin.com%22%7D; _ga=GA1.2.2054206825.1432823002; _gat=1; _gat_rollupTracker=1 SAML: <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_12bcb338371a75346a3e830b138b87a9dea0d98c" Version="2.0" IssueInstant="2015-05-28T14:24:18Z" Destination="https://bcm-test.onelogin.com/trust/saml2/http-post/sso/450341" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://berkleedev.prod.acquia-sites.com/onelogin_saml/acs"

saml:Issuerphp-saml/saml:Issuer <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true" />

saml:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport/saml:AuthnContextClassRef /samlp:RequestedAuthnContext /samlp:AuthnRequest

HTTP/?.? 302 Found Server: nginx/1.4.4 Date: Thu, 28 May 2015 14:24:18 GMT Content-Type: text/html; charset=utf-8 Content-Length: 101 Connection: keep-alive Status: 302 Found Cache-Control: no-cache Location: https://bcm-test.onelogin.com/login X-Frame-Options: DENY p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Set-Cookie: session_onelogin.com=BAh7BzoPc2Vzc2lvbl9pZCIlNjhlNGE1OGFkNTg0NmMwMzQ4NTczYzBjYjA2MDY3OWU6DnJldHVybl90byICAgNodHRwczovL2JjbS10ZXN0Lm9uZWxvZ2luLmNvbS90cnVzdC9zYW1sMi9odHRwLXBvc3Qvc3NvLzQ1MDM0MT9TQU1MUmVxdWVzdD1mVk5Oajlvd0VMM3pLMUR1JTJCUTRsYXdGU0N2MUFvaEJCMmtNdks4ZVpYYXc2ZHRiajdOSiUyRlh5ZUJMcTEyOFNYeXpMem5OMjhtTTZTMWFFaldtcVBjdzFNTGFFWmplMDYxa0VqNjVOeHB0U1NLSWtjaWFRMUlEQ09IN051R1JGNUFHcTJNWWtvNCUyRjhGdW95Z2lhTU9WSEdEcjFkelpiVDl0ZGwlMkZXMiUyRnN3S2xrWngyazhEZWwwRWljZmFBeHBISlJobkpicGxONVZRSVBxTG1VRDlBZG90RHh6eDlJNm80RU5zWVcxUkVPbHNmRWduTGpCeEkzU0lreElsSkF3JTJGVGxBVjdaWkxxbnA0VWRqR2lTJTJCWDdMYU5UYmhLUWxDUFhMcE1WWDdScmRvJTJGSzZ2eU84cTNVWjFkMVIlMkJNZ25pSkJ3STg3TVhIN21zdUh5OGJVRTVGQ0g1V2hTNW0lMkI4T3hVQ1NYYXhaS29sdERmb0ElMkJwa3olMkJMN2ZYS2tFJTJGVXNBVlBEczJRRlVIbVZQTGFjdWNpdTlGM3hSZjk5cDlpbERaOUd6ejdvNzZSM1NpJTJCYll1TjE5NWw5SFglMkJzYXNyV3kxNnRjQ2M1JTJCOSUyRkh1ZkZhNnB1Yjk3a0l2N0NPOGNoJTJGNlVnSTE1U0tyS2cySXpsJTJCZVRBajFzdFJBRGN3ZDZ6QTRZJTJGJTJCZjE4OExDVlclMkZudFlQQXljelhxcTZvWnBqTnpVNFVXYk9yYjIyZDEyJTJCRkhiWDl2Q3d1TG1PakxDdXpvWnolMkIzbFJ1dXBtQ2N5JTJCWFdncXNWSGFuRjE2azN4UTdkJTJCUXZSaGQwdGYlMkYydUlQJlJlbGF5U3RhdGU9dXNlciUyRmxvZ291dA%3D%3D--563a6a9e1e62e51742be3909c300af0ad9d2e583; domain=.onelogin.com; path=/; secure; HttpOnly

+++++++++++++++++++++++++++++ GET https://bcm-test.onelogin.com/login HTTP/1.1 Host: bcm-test.onelogin.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: onelogin.com_user=618f12e32fe9c0d453252b078d47fe9ef4eff7b0; session_onelogin.com=BAh7BzoPc2Vzc2lvbl9pZCIlNjhlNGE1OGFkNTg0NmMwMzQ4NTczYzBjYjA2MDY3OWU6DnJldHVybl90byICAgNodHRwczovL2JjbS10ZXN0Lm9uZWxvZ2luLmNvbS90cnVzdC9zYW1sMi9odHRwLXBvc3Qvc3NvLzQ1MDM0MT9TQU1MUmVxdWVzdD1mVk5Oajlvd0VMM3pLMUR1JTJCUTRsYXdGU0N2MUFvaEJCMmtNdks4ZVpYYXc2ZHRiajdOSiUyRlh5ZUJMcTEyOFNYeXpMem5OMjhtTTZTMWFFaldtcVBjdzFNTGFFWmplMDYxa0VqNjVOeHB0U1NLSWtjaWFRMUlEQ09IN051R1JGNUFHcTJNWWtvNCUyRjhGdW95Z2lhTU9WSEdEcjFkelpiVDl0ZGwlMkZXMiUyRnN3S2xrWngyazhEZWwwRWljZmFBeHBISlJobkpicGxONVZRSVBxTG1VRDlBZG90RHh6eDlJNm80RU5zWVcxUkVPbHNmRWduTGpCeEkzU0lreElsSkF3JTJGVGxBVjdaWkxxbnA0VWRqR2lTJTJCWDdMYU5UYmhLUWxDUFhMcE1WWDdScmRvJTJGSzZ2eU84cTNVWjFkMVIlMkJNZ25pSkJ3STg3TVhIN21zdUh5OGJVRTVGQ0g1V2hTNW0lMkI4T3hVQ1NYYXhaS29sdERmb0ElMkJwa3olMkJMN2ZYS2tFJTJGVXNBVlBEczJRRlVIbVZQTGFjdWNpdTlGM3hSZjk5cDlpbERaOUd6ejdvNzZSM1NpJTJCYll1TjE5NWw5SFglMkJzYXNyV3kxNnRjQ2M1JTJCOSUyRkh1ZkZhNnB1Yjk3a0l2N0NPOGNoJTJGNlVnSTE1U0tyS2cySXpsJTJCZVRBajFzdFJBRGN3ZDZ6QTRZJTJGJTJCZjE4OExDVlclMkZudFlQQXljelhxcTZvWnBqTnpVNFVXYk9yYjIyZDEyJTJCRkhiWDl2Q3d1TG1PakxDdXpvWnolMkIzbFJ1dXBtQ2N5JTJCWFdncXNWSGFuRjE2azN4UTdkJTJCUXZSaGQwdGYlMkYydUlQJlJlbGF5U3RhdGU9dXNlciUyRmxvZ291dA%3D%3D--563a6a9e1e62e51742be3909c300af0ad9d2e583; mp_048042ab90b4da88678a8455aaae0868_mixpanel=%7B%22distinct_id%22%3A%20%2247621%22%2C%22company%22%3A%20%22Berklee%20College%20of%20Music%20(test)%22%2C%22otp_required%22%3A%20%22false%22%2C%22%24initial_referrer%22%3A%20%22https%3A%2F%2Fbcm-test.onelogin.com%2Flogin%22%2C%22%24initial_referring_domain%22%3A%20%22bcm-test.onelogin.com%22%7D; _ga=GA1.2.2054206825.1432823002; _gat=1; _gat_rollupTracker=1

HTTP/?.? 200 OK Server: nginx/1.4.4 Date: Thu, 28 May 2015 14:24:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Status: 200 OK Cache-Control: private, max-age=0, must-revalidate X-Frame-Options: DENY p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Set-Cookie: session_onelogin.com=BAh7CDoQX2NzcmZfdG9rZW4iMTFMY2gzdmx5dXZ3eEQ0aElieDJTb2Z6ZDd0SWc2VjZzdXpEUHgvaE84aVU9Og9zZXNzaW9uX2lkIiU2OGU0YTU4YWQ1ODQ2YzAzNDg1NzNjMGNiMDYwNjc5ZToOcmV0dXJuX3RvIgICA2h0dHBzOi8vYmNtLXRlc3Qub25lbG9naW4uY29tL3RydXN0L3NhbWwyL2h0dHAtcG9zdC9zc28vNDUwMzQxP1NBTUxSZXF1ZXN0PWZWTk5qOW93RUwzeksxRHUlMkJRNGxhd0ZTQ3YxQW9oQkIya012SzhlWlhhdzZkdGJqN05KJTJGWHllQkxxMTI4U1h5ekx6bk4yOG1NNlMxYUVqV21xUGN3MU1MYUVaamUwNjFrRWo2NU54cHRTU0tJa2NpYVExSURDT0g3TnVHUkY1QUdxMk1Za280JTJGOEZ1b3lnaWFNT1ZIR0RyMWR6WmJUOXRkbCUyRlcyJTJGc3dLbGtaeDJrOERlbDBFaWNmYUF4cEhKUmhuSmJwbE41VlFJUHFMbVVEOUFkb3REeHp4OUk2bzRFTnNZVzFSRU9sc2ZFZ25MakJ4STNTSWt4SWxKQXclMkZUbEFWN1paTHFucDRVZGpHaVMlMkJYN0xhTlRiaEtRbENQWExwTVZYN1JyZG8lMkZLNnZ5TzhxM1VaMWQxUiUyQk1nbmlKQndJODdNWEg3bXN1SHk4YlVFNUZDSDVXaFM1bSUyQjhPeFVDU1hheFpLb2x0RGZvQSUyQnBreiUyQkw3ZlhLa0UlMkZVc0FWUERzMlFGVUhtVlBMYWN1Y2l1OUYzeFJmOTlwOWlsRFo5R3p6N283NlIzU2klMkJiWXVOMTk1bDlIWCUyQnNhc3JXeTE2dGNDYzUlMkI5JTJGSHVmRmE2cHViOTdrSXY3Q084Y2glMkY2VWdJMTVTS3JLZzJJemwlMkJlVEFqMXN0UkFEY3dkNnpBNFklMkYlMkJmMTg4TENWVyUyRm50WVBBeWN6WHFxNm9acGpOelU0VVdiT3JiMjJkMTIlMkJGSGJYOXZDd3VMbU9qTEN1em9aeiUyQjNsUnV1cG1DY3klMkJYV2dxc1ZIYW5GMTZrM3hRN2QlMkJRdlJoZDB0ZiUyRjJ1SVAmUmVsYXlTdGF0ZT11c2VyJTJGbG9nb3V0--c83674eda04c093b88ec3a5a2381498a1889073b; domain=.onelogin.com; path=/; secure; HttpOnly Content-Encoding: gzip

+++++++++++++++++++++++++++++ GET https://cloud.typography.com/7134072/729764/css/fonts.css HTTP/1.1 Host: cloud.typography.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://bcm-test.onelogin.com/login

HTTP/?.? 304 Not Modified Server: Apache Content-Length: 0 Etag: "1b3783f0fafd1cf48a40dec6927adb27:1410818523" Vary: Accept-Encoding Last-Modified: Mon, 15 Sep 2014 22:02:03 GMT Cache-Control: must-revalidate, private Date: Thu, 28 May 2015 14:24:18 GMT Connection: keep-alive

[pitbulk]

Ok, if the problem is related to the RelayState 'user/logout' that is set at saml_slo, let's then initialize it to a valid value:

function onelogin_saml_slo() {
    global $cookie_domain, $user;
    session_destroy();
    $auth = initialize_saml();
    $auth->logout('/');
    exit();
}

Please, test that. (RelayState will be set to '/' instead of 'user/logout').

[cagedartist]

That ‘/‘ works. When users have authenticated with multiple SPs, they still end up in the wrong place but this is due to a Onelogin bug. As of today, they recognize the bug and are going to try to fix it.

On May 28, 2015, at 10:36 AM, Sixto Martin notifications@github.com wrote:

Ok, if the problem is that at the momment of sent the SLO Request (saml_slo) a RelayState 'user/logout' is set, let's then initialize it to a valid value:

function onelogin_saml_slo() { global $cookie_domain, $user; session_destroy(); $auth = initialize_saml(); $auth->logout('/'); exit(); } Please, test it.

— Reply to this email directly or view it on GitHub https://github.com/onelogin/drupal-saml/issues/20#issuecomment-106360987.