SAML backend does not support single logout #199

Closed
dalleng opened this issue Feb 21, 2018 · 2 comments · Fixed by #382
dalleng commented Feb 21, 2018

Currently I'm using custom backend and identity provider classes to add SLO to my Django app, but I'm wondering if this could be a useful contribution to the project. Here's a snippet of what I'm using.

```python
from social_core.backends.saml import SAMLAuth, SAMLIdentityProvider


class CustomSAMLAuth(SAMLAuth):

    def get_slo_url(self, idp_name, social_auth, return_to=None):
        # Build the IdP redirect URL that starts an SP-initiated logout
        idp = self.get_idp(idp_name)
        auth = self._create_saml_auth(idp)
        # Both values were stored at login time by extra_data() below
        name_id = social_auth.extra_data['name_id']
        session_index = social_auth.extra_data['session_index']
        return auth.logout(name_id=name_id, session_index=session_index, return_to=return_to)

    def process_logout(self, idp_name, delete_session_cb):
        # Handle a LogoutRequest or LogoutResponse received from the IdP
        idp = self.get_idp(idp_name)
        auth = self._create_saml_auth(idp)
        url = auth.process_slo(delete_session_cb=delete_session_cb)
        errors = auth.get_errors()
        return url, errors

    def extra_data(self, user, uid, response, details=None, *args, **kwargs):
        # Keep the values needed later to build a LogoutRequest
        extra_data = super().extra_data(
            user, uid, response, details=details, *args, **kwargs)
        extra_data['session_index'] = response['session_index']
        extra_data['name_id'] = response['attributes']['name_id']
        return extra_data


class CustomIdentityProvider(SAMLIdentityProvider):

    def __init__(self, name, **kwargs):
        super().__init__(name, **kwargs)

    @property
    def slo_url(self):
        """Get the SLO URL for this IdP"""
        return self.conf.get('slo_url')

    @property
    def saml_config_dict(self):
        """Get the IdP configuration dict in the format required by
        python-saml"""
        config = SAMLIdentityProvider.saml_config_dict.fget(self)
        if self.slo_url:
            # Advertise the IdP's SLO endpoint only when one is configured
            config.update({
                "singleLogoutService": {
                    "url": self.slo_url,
                    "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                },
            })
        return config
```
quique commented Feb 28, 2019

Could some contributor please take a look at this code?

This would be a useful feature.

quique added a commit to quique/social-core that referenced this issue Jul 26, 2019
Heavily based on the code provided by Diego Allen in his bug report.

Closes: python-social-auth#199
omab closed this as completed in #382 Jul 29, 2019
sicuz pushed a commit to Servicio-Informatica-Comunicaciones-UZ/geoda2 that referenced this issue Dec 21, 2019
Requires patching python-social-auth/social-core

See <python-social-auth/social-core#199>
jpatel3 commented Jan 26, 2022

Can someone provide more information on this one? I tried to configure slo_url provided by IDP, but when the request comes for logout, it goes thru process_response with destination url /complete/saml/, is that correct? I believe it should go to process_logout.

Any help on how to configure it is appreciated.
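
Added example (not part of this thread and not social-core code): a standard-library sketch of how a receiving endpoint can tell a SAML Single Logout message sent over the HTTP-Redirect binding from any other SAML message before choosing between a handler such as `process_logout` and the login completion path. The URL `https://sp.example/slo/`, the function names and the sample message are assumptions constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SLO_ROOTS = {f"{{{SAMLP}}}LogoutRequest", f"{{{SAMLP}}}LogoutResponse"}
MAX_XML = 64 * 1024  # cap inflated size so a short query string cannot expand unboundedly

# Constructed sample message, not captured from a real IdP.
SAMPLE_LOGOUT = (
    b'<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed" Version="2.0" IssueInstant="2022-01-26T00:00:00Z"/>'
)


def build_redirect_url(base, param, xml):
    """Encode xml as the HTTP-Redirect binding does: raw DEFLATE, base64, URL-quote."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    b64 = base64.b64encode(comp.compress(xml) + comp.flush()).decode()
    return f"{base}?{param}={quote(b64, safe='')}"


def decode_redirect_message(b64_value):
    """Undo the encoding: base64, then raw DEFLATE (no zlib header), size-capped."""
    raw = base64.b64decode(b64_value, validate=True)
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("SAML message exceeds size cap")
    return xml


def classify_saml_get(url):
    """Return 'slo', 'other' or 'invalid' for a GET request URL."""
    # Routing hint only: signature and issuer validation stay with the
    # SAML toolkit (process_slo in the snippet posted in this issue).
    query = parse_qs(urlsplit(url).query)
    values = query.get("SAMLRequest", []) + query.get("SAMLResponse", [])
    if len(values) != 1:
        return "invalid"  # missing or ambiguous message parameter
    try:
        xml = decode_redirect_message(values[0])
        if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
            return "invalid"  # SAML messages never need a DTD
        root = ET.fromstring(xml)
    except (ValueError, zlib.error, ET.ParseError):
        return "invalid"
    return "slo" if root.tag in SLO_ROOTS else "other"
```

Anything classified as `invalid` should be rejected outright rather than passed on to either handler.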
