parsivori / simplesamlphp

Automatically exported from code.google.com/p/simplesamlphp

Single Log Out Doesn't work as expected when logging out of the same domain name #407

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi,

I am implementing simpleSAMLphp in a project and have noticed an oddity.

If I have my IdP set up as saml.mydomain.com, all of the SPs I configure 
against it log in and log out as expected.

When any SP gets logged out, all other SPs are also similarly logged out; 
however, one of the SPs -- which shares the SAME domain name as the IdP 
(saml.mydomain.com) -- can only be logged off by deliberately invoking a logout.

I am using isAuthenticated to determine the state of the session.

My investigation suggests that the isAuthenticated method in 
SimpleSAML_Auth_Simple incorrectly returns "true" when the domain name of the 
SP and the IdP are the same.

I tested this by changing the domain name of the IdP to be different than the 
SP, and isAuthenticated returns "false" as expected.

Is this a known issue? Or is there a configuration setting to control the 
behaviour?

Original issue reported on code.google.com by marcus...@virtualthinking.com on 26 May 2011 at 7:23

GoogleCodeExporter commented 8 years ago
I am using version 1.8, BTW

Original comment by marcus...@virtualthinking.com on 26 May 2011 at 7:24

GoogleCodeExporter commented 8 years ago
I am unable to reproduce this behaviour. What does the log file for the SP and 
IdP say? (/var/log/syslog or something like that by default.)

Original comment by olavmrk@gmail.com on 26 May 2011 at 11:22

GoogleCodeExporter commented 8 years ago
Do this IdP and SP share the same session, i.e. have they set 
session.cookie.path in config.php? Do you have the same authsource name on the 
IdP and SP?

Original comment by comel...@gmail.com on 26 May 2011 at 1:38

GoogleCodeExporter commented 8 years ago
Hi There,

Thanks for replying.

I'm pasting in my log file here, running in DEBUG mode.
https://saml.test/ is a test SP that I've set up for... testing.  The
amm.virtualthinking.net host is the SAML IdP service (
https://amm.virtualthinking.net/simplesaml/etc/etc/etc), but we also have a
service directory layered on the same domain that is itself an SP of itself.

To answer the other questions posted, I do believe that we *might* be
sharing the same session and/or session cookie as I've made no specific
effort to differentiate the two.  I do *not* think that we are sharing the
same authsource name(s), although the simplesamlphp setup I've put together
does combine SP and IdP together.

*authsources.php* snippet:

```php
// SP Authentication
'radical-saml20' => array(
    'saml:SP',

    // The entity ID of this SP.
    // Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
    'entityID' => NULL,

    // The entity ID of the IdP this SP should contact.
    // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
    'idp' => $GLOBALS['radcfg']['auth']['saml20_entityid'],

    // The URL to the discovery service.
    // Can be NULL/unset, in which case a builtin discovery service will be used.
    'discoURL' => NULL,
),

// IdP Authentication
'radical-samlink' => array(
    'sqlauth:SQL',
    'dsn' => 'mysql:host=' . $GLOBALS['radcfg']['database']['db_host'] . ';dbname=' . $GLOBALS['radcfg']['database']['db_data'],
    'username' => $GLOBALS['radcfg']['database']['db_user'],
    'password' => $GLOBALS['radcfg']['database']['db_pass'],
    'query' => "SELECT
              CONCAT(`users`.`primary_key`) AS uniqueid,
              CONCAT(`users`.`nameid`) AS user,
              CONCAT(`users`.`userlevel`) AS identity,
              CONCAT(`users`.`accesslevel`) AS authentication
            FROM
              `users`
            WHERE
              `users`.`user` = :username AND
              `users`.`password` = :password AND
              `users`.`RecordStatus` != 'DELETED'
            LIMIT 0,1
            ;",
),
```

The *log* follows:

***** IDP LOGIN COMPLETED *****

***** BEGIN LOGIN TO SP *****

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [161acd3915] Library -
Session: Check if session is valid. checkauthority:radical-saml20
thisauthority:null isauthenticated:no remainingtime:28701

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [161acd3915] Saved state:
'_f6bca1245464fc327fbb132587ea90fad40da1c865'

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [161acd3915] Sending SAML 2
AuthnRequest to '
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php'

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [52a9d1aa40] SAML2.0 -
IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [52a9d1aa40]
[metadata\saml20-sp-remote.php] Loaded Remote Service Providers from Service
Registry

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [52a9d1aa40] SAML2.0 -
IdP.SSOService: Incomming Authentication request: '
https://saml.test/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [52a9d1aa40] Session: Valid
session found with 'radical-samlink'.

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [52a9d1aa40] Session: Valid
session found with 'radical-samlink'.

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [52a9d1aa40] Session: Valid
session found with 'radical-samlink'.

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [52a9d1aa40] Session: Valid
session found with 'radical-samlink'.

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [52a9d1aa40] Filter config for
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php->
https://saml.test/simplesaml/module.php/saml/sp/metadata.php/radical-saml20:

[27-May-2011 10:02:19] simplesamlphp - DEBUG: STAT [52a9d1aa40]
saml20-idp-SSO-first
https://saml.test/simplesaml/module.php/saml/sp/metadata.php/radical-saml20
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php NA

[27-May-2011 10:02:19] simplesamlphp - DEBUG: STAT [52a9d1aa40]
saml20-idp-SSO
https://saml.test/simplesaml/module.php/saml/sp/metadata.php/radical-saml20
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php NA

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [52a9d1aa40] Sending SAML 2.0
Response to '
https://saml.test/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [161acd3915] Loading state:
'_f6bca1245464fc327fbb132587ea90fad40da1c865'

[27-May-2011 10:02:19] simplesamlphp - DEBUG: [161acd3915] Received SAML2
Response from '
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php'.

[27-May-2011 10:02:20] simplesamlphp - DEBUG: [161acd3915] Found 1
certificates in SAML2_Assertion

[27-May-2011 10:02:20] simplesamlphp - DEBUG: [161acd3915] Filter config for
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php->
https://saml.test/simplesaml/module.php/saml/sp/metadata.php/radical-saml20:
array (  0 =>   sspmod_core_Auth_Process_AttributeLimit::__set_state(array(
    'allowedAttributes' =>     array (    ),     'priority' => 50,  )),  1
=>   sspmod_core_Auth_Process_LanguageAdaptor::__set_state(array(
'langattr' => 'preferredLanguage',     'priority' => 90,  )),)

[27-May-2011 10:02:20] simplesamlphp - DEBUG: [161acd3915] Deleting state:
'_f6bca1245464fc327fbb132587ea90fad40da1c865'

[27-May-2011 10:02:20] simplesamlphp - DEBUG: [161acd3915] Session:
doLogin("radical-saml20")

[27-May-2011 10:02:20] simplesamlphp - DEBUG: [161acd3915] Library -
Session: Set IdP to :
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php

[27-May-2011 10:02:20] simplesamlphp - DEBUG: [161acd3915] Library -
Session: Check if session is valid. checkauthority:radical-saml20
thisauthority:radical-saml20 isauthenticated:yes remainingtime:28800

[27-May-2011 10:02:20] simplesamlphp - DEBUG: [161acd3915] Library -
Session: Check if session is valid. checkauthority:radical-saml20
thisauthority:radical-saml20 isauthenticated:yes remainingtime:28800

[27-May-2011 10:02:20] simplesamlphp - DEBUG: [161acd3915] Library -
Session: Check if session is valid. checkauthority:radical-saml20
thisauthority:radical-saml20 isauthenticated:yes remainingtime:28800

***** COMPLETED LOGIN TO SP *****

***** BEGIN LOGOUT FROM SP *****

[27-May-2011 10:03:21] simplesamlphp - DEBUG: [161acd3915] Library -
Session: Check if session is valid. checkauthority:radical-saml20
thisauthority:radical-saml20 isauthenticated:yes remainingtime:28739

[27-May-2011 10:03:21] simplesamlphp - DEBUG: [161acd3915] Session:
doLogout()

[27-May-2011 10:03:21] simplesamlphp - DEBUG: [161acd3915] Saved state:
'_85b66bfc1ac132d31c95e2b76e6bd59ea085e874f5'

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] SAML2.0 -
IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40]
[metadata\saml20-sp-remote.php] Loaded Remote Service Providers from Service
Registry

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Received SAML 2.0
LogoutRequest from: '
https://saml.test/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'

[27-May-2011 10:03:22] simplesamlphp - DEBUG: STAT [52a9d1aa40]
saml20-idp-SLO spinit
https://saml.test/simplesaml/module.php/saml/sp/metadata.php/radical-saml20
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Saved state:
'_88499f8a3cab9a31c63a06d64058d20ba2dd6aede0'

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Session: Valid
session found with 'radical-samlink'.

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Session:
doLogout('radical-samlink')

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Loading state:
'_88499f8a3cab9a31c63a06d64058d20ba2dd6aede0'

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Saved state:
'_88499f8a3cab9a31c63a06d64058d20ba2dd6aede0'

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Logging out of
'saml:https://amm.virtualthinking.net/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'.

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Sending SAML 2.0
LogoutRequest to: 'https://amm.virtualthinking.net/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40]
[metadata\saml20-sp-remote.php] Loaded Remote Service Providers from Service
Registry

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40]
module/saml2/sp/logout: Request from
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php

[27-May-2011 10:03:22] simplesamlphp - DEBUG: STAT [52a9d1aa40]
saml20-idp-SLO idpinit
https://amm.virtualthinking.net/simplesaml/module.php/saml/sp/metadata.php/radical-saml20
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Redirect to 643
byte URL:
https://amm.virtualthinking.net/simplesaml/saml2/idp/SingleLogoutService.php?SAMLResponse=[...]&RelayState=_88499f8a3cab9a31c63a06d64058d20ba2dd6aede0

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] SAML2.0 -
IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40]
[metadata\saml20-sp-remote.php] Loaded Remote Service Providers from Service
Registry

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Received SAML 2.0
LogoutResponse from: 'https://amm.virtualthinking.net/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Loading state:
'_88499f8a3cab9a31c63a06d64058d20ba2dd6aede0'

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Logged out of
'saml:https://amm.virtualthinking.net/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'.

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Sending logout
response to SP '
https://saml.test/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Redirect to 646
byte URL:
https://saml.test/simplesaml/module.php/saml/sp/saml2-logout.php/radical-saml20?SAMLResponse=[...]&RelayState=_85b66bfc1ac132d31c95e2b76e6bd59ea085e874f5

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [161acd3915] Loading state:
'_85b66bfc1ac132d31c95e2b76e6bd59ea085e874f5'

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [161acd3915] Deleting state:
'_85b66bfc1ac132d31c95e2b76e6bd59ea085e874f5'

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [161acd3915] Library -
Session: Check if session is valid. checkauthority:radical-saml20
thisauthority:null isauthenticated:no remainingtime:28738

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [161acd3915] Library -
Session: Check if session is valid. checkauthority:radical-saml20
thisauthority:null isauthenticated:no remainingtime:28738

***** LOGOUT FROM SP COMPLETED *****

***** TEST ACCESS TO IDP *****

[27-May-2011 10:04:03] simplesamlphp - DEBUG: [52a9d1aa40] Session: Valid
session found with 'radical-saml20'.

[27-May-2011 10:04:03] simplesamlphp - DEBUG: [52a9d1aa40] Session: Valid
session found with 'radical-saml20'.

***** TEST ACCESS COMPLETED, STILL AUTHENTICATED *****

***** FORCE LOGOUT FROM IDP *****

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Session: Valid
session found with 'radical-saml20'.

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Session:
doLogout('radical-saml20')

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Saved state:
'_c921c2d4ebdb1cf2e1dc9869d249c4f0de1162f4cb'

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Redirect to 684
byte URL:
https://amm.virtualthinking.net/simplesaml/saml2/idp/SingleLogoutService.php?SAMLRequest=[...]&RelayState=_c921c2d4ebdb1cf2e1dc9869d249c4f0de1162f4cb

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] SAML2.0 -
IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40]
[metadata\saml20-sp-remote.php] Loaded Remote Service Providers from Service
Registry

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Received SAML 2.0
LogoutRequest from: 'https://amm.virtualthinking.net/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'

[27-May-2011 10:05:13] simplesamlphp - DEBUG: STAT [52a9d1aa40]
saml20-idp-SLO spinit
https://amm.virtualthinking.net/simplesaml/module.php/saml/sp/metadata.php/radical-saml20
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Saved state:
'_259da89adf2666e1da38ed16f84fd539e26f640dde'

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Session:
'radical-samlink' not valid because we are not authenticated.

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Loading state:
'_259da89adf2666e1da38ed16f84fd539e26f640dde'

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40]
[metadata\saml20-sp-remote.php] Loaded Remote Service Providers from Service
Registry

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Sending logout
response to SP 'https://amm.virtualthinking.net/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Redirect to 632
byte URL:
https://amm.virtualthinking.net/simplesaml/module.php/saml/sp/saml2-logout.php/radical-saml20?SAMLResponse=[...]&RelayState=_c921c2d4ebdb1cf2e1dc9869d249c4f0de1162f4cb

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Loading state:
'_c921c2d4ebdb1cf2e1dc9869d249c4f0de1162f4cb'

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Deleting state:
'_c921c2d4ebdb1cf2e1dc9869d249c4f0de1162f4cb'

***** LOGOUT COMPLETE *****

***** TEST ACCESS AGAIN *****

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40] Session:
'radical-saml20' not valid because we are not authenticated.

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40] Saved state:
'_97ea7310cccca511b6b3992ee76775f0710b5ee51f'

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40] Sending SAML 2
AuthnRequest to '
https://amm.virtualthinking.net/simplesaml/saml2/idp/metadata.php'

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40] Redirect to 706
byte URL:
https://amm.virtualthinking.net/simplesaml/saml2/idp/SSOService.php?SAMLRequest=[...]&RelayState=https%3A%2F%2Famm.virtualthinking.net%2Floadhtml.php%3Fwhere%3Dsamlink%26what%3Dmain.php

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40] SAML2.0 -
IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40]
[metadata\saml20-sp-remote.php] Loaded Remote Service Providers from Service
Registry

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40] SAML2.0 -
IdP.SSOService: Incomming Authentication request: 'https://amm.virtualthinking.net/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40] Session:
'radical-samlink' not valid because we are not authenticated.

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40] Saved state:
'_868ae9adb9ce2f8411bd0dba8df697357e0a3e6517:https://amm.virtualthinking.net/simplesaml/saml2/idp/SSOService.php?spentityid=https%3A%2F%2Famm.virtualthinking.net%2Fsimplesaml%2Fmodule.php%2Fsaml%2Fsp%2Fmetadata.php%2Fradical-saml20&cookieTime=1306454810&RelayState=https%3A%2F%2Famm.virtualthinking.net%2Floadhtml.php%3Fwhere%3Dsamlink%26what%3Dmain.php'

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40] Loading state:
'_868ae9adb9ce2f8411bd0dba8df697357e0a3e6517:https://amm.virtualthinking.net/simplesaml/saml2/idp/SSOService.php?spentityid=https%3A%2F%2Famm.virtualthinking.net%2Fsimplesaml%2Fmodule.php%2Fsaml%2Fsp%2Fmetadata.php%2Fradical-saml20&cookieTime=1306454810&RelayState=https%3A%2F%2Famm.virtualthinking.net%2Floadhtml.php%3Fwhere%3Dsamlink%26what%3Dmain.php'

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40] Template: Reading
[C:\radical\www.library\simplesamlphp-1.8.0/dictionaries/login]

***** TEST COMPLETE, NOT AUTHENTICATED *****

Original comment by marcus...@virtualthinking.com on 27 May 2011 at 12:17
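
Added example (not part of the original thread and not SimpleSAMLphp code): a Python check that re-joins the hard-wrapped debug log above and flags any session the IdP still reports as valid after it has already answered a LogoutRequest on it, which is the symptom between 10:03:22 and 10:04:03. The marker strings come from that log; the function names and the rule "a valid-session line after the logout response, with no doLogin in between, is stale" are assumptions of this example.

```python
import re
from datetime import datetime

# Sample input: entries copied from the log in the comment above (trimmed to
# the session-related ones), keeping the mail client's hard line wrapping.
SAMPLE_LOG = """\
[27-May-2011 10:02:19] simplesamlphp - DEBUG: [52a9d1aa40] Session: Valid
session found with 'radical-samlink'.

[27-May-2011 10:02:20] simplesamlphp - DEBUG: [161acd3915] Session:
doLogin("radical-saml20")

***** BEGIN LOGOUT FROM SP *****

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Session:
doLogout('radical-samlink')

[27-May-2011 10:03:22] simplesamlphp - DEBUG: [52a9d1aa40] Sending logout
response to SP '
https://saml.test/simplesaml/module.php/saml/sp/metadata.php/radical-saml20'

***** TEST ACCESS TO IDP *****

[27-May-2011 10:04:03] simplesamlphp - DEBUG: [52a9d1aa40] Session: Valid
session found with 'radical-saml20'.

[27-May-2011 10:04:03] simplesamlphp - DEBUG: [52a9d1aa40] Session: Valid
session found with 'radical-saml20'.

[27-May-2011 10:05:13] simplesamlphp - DEBUG: [52a9d1aa40] Sending logout
response to SP '
https://amm.virtualthinking.net/simplesaml/module.php/saml/sp/metadata.php/radic
al-saml20
'

[27-May-2011 10:06:50] simplesamlphp - DEBUG: [52a9d1aa40] Session:
'radical-saml20' not valid because we are not authenticated.
"""

# "[27-May-2011 10:02:19] simplesamlphp - DEBUG: " opens every log entry.
ENTRY_START = re.compile(
    r"^\[(\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\] simplesamlphp - \w+: ")
TRACK_ID = re.compile(r"\[([0-9a-f]{10})\]")   # per-session tracking ID
VALID = re.compile(r"Session: Valid session found with '([^']+)'")
LOGIN = re.compile(r"Session: doLogin\(")
SLO_DONE = re.compile(r"Sending logout response to SP")


def entries(text):
    """Yield (timestamp, message) pairs, re-joining hard-wrapped lines."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_START.match(line)
        if m:
            if current:
                yield tuple(current)
            ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S")
            current = [ts, line[m.end():]]
        elif line and current and not line.startswith("*****"):
            # Continuation line. A space is right for wraps at whitespace,
            # which is all the patterns above depend on.
            current[1] += " " + line
    if current:
        yield tuple(current)


def stale_sessions(text):
    """Return [(tracking_id, authority, seconds_after_logout), ...] for
    sessions still reported valid after the IdP completed single logout."""
    slo_done = {}            # tracking ID -> time the logout response was sent
    seen, findings = set(), []
    for ts, msg in entries(text):
        t = TRACK_ID.search(msg)
        if not t:
            continue
        tid = t.group(1)
        if SLO_DONE.search(msg):
            slo_done[tid] = ts
        elif LOGIN.search(msg):
            slo_done.pop(tid, None)      # a fresh login is legitimate
        else:
            v = VALID.search(msg)
            if v and tid in slo_done and (tid, v.group(1)) not in seen:
                seen.add((tid, v.group(1)))
                delay = int((ts - slo_done[tid]).total_seconds())
                findings.append((tid, v.group(1), delay))
    return findings


if __name__ == "__main__":
    for tid, authority, delay in stale_sessions(SAMPLE_LOG):
        print(f"session {tid}: '{authority}' still valid {delay}s after SLO")
```
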

GoogleCodeExporter commented 8 years ago
I have reproduced the bug now. It turns out that it was related to issue 397, 
which was fixed in r2839. Applying the change made in r2839 on top of 1.8.0 
solved the problem for me. I am therefore marking this issue as a duplicate of 
397.

Original comment by olavmrk@gmail.com on 27 May 2011 at 10:17

GoogleCodeExporter commented 8 years ago
Cool!

Where can I get the patch? And when will the patch be released into a release?

Original comment by marcus...@virtualthinking.com on 27 May 2011 at 10:25

GoogleCodeExporter commented 8 years ago
Applied the recommended patch and can confirm it fixes the issue.

Original comment by marcus...@virtualthinking.com on 27 May 2011 at 10:35

GoogleCodeExporter commented 8 years ago
It is available from the "revision"-page:
    http://code.google.com/p/simplesamlphp/source/detail?r=2839

As for when it will be in a release - I do not know. We have no set plan for a 
1.9-release yet. I looked over the changes we have since 1.8.0 that would be 
suitable for a 1.8.1-release, and found three:

    http://code.google.com/p/simplesamlphp/source/list?path=/branches/simplesamlphp-1.8/

Not sure that I feel that those are enough to warrant a 1.8.1 release yet.

Original comment by olavmrk@gmail.com on 27 May 2011 at 10:42