single logout service #185

Closed
franklinjjeng opened this issue Jun 22, 2018 · 11 comments
@franklinjjeng
Contributor

Hi @tngan, I'm utilizing your library and loving it.

I was just curious about single logout service. I noticed in issue #170 and #105 there are references that it exists but I can't seem to find anything in the code base to create logout requests through the SP or even accept IdP-initiated requests. I was wondering if you would be able to point me in the direction of them.

Thanks for your time.

@tngan
Owner

tngan commented Jun 23, 2018

@franklinjjeng I haven't completed the example repository yet, but most of the common use cases can be found in the test file, starting from L503.

test('idp sends a redirect logout request with signature and sp parses it', async t => {

@tngan tngan added the question label Jun 23, 2018
@franklinjjeng
Contributor Author

Thanks! I appreciate the quick response. This looks to be what I needed, I'll play around with it some.

Also off topic, but I'm wondering if there is a quick way to turn off the X509Certificate requirement in the SAMLResponse (I can open a new question/issue if needed).

@tngan
Owner

tngan commented Jun 24, 2018

@franklinjjeng There is no option to turn it off right now. I am also considering making the signature optional for testing use. For feature requests, please open a new issue. Thanks.

@tngan
Owner

tngan commented Jul 22, 2018

Since this issue has not been updated for a while, I will close it first. Please reopen it if needed.

@tngan tngan closed this as completed Jul 22, 2018
@franklinjjeng
Contributor Author

Hi @tngan. I'm having trouble passing both the emailAddress and the sessionIndex in the logout redirect saml response. It seems to be passing the emailAddress without issue, but the sessionIndex is getting left out.

I'm attempting to build the redirect logout request below:

    const { context } = sp.createLogoutRequest(idp, 'redirect', { logoutNameID: emailAddress, sessionIndex: sessionIndex });

I based this off of what I saw in logoutRequestRedirectURL in binding-redirect.ts

      rawSamlRequest = libsaml.replaceTagsByValue(libsaml.defaultLogoutRequestTemplate.context, {
        ID: id,
        Destination: base,
        EntityID: metadata.init.getEntityID(),
        Issuer: metadata.init.getEntityID(),
        IssueInstant: new Date().toISOString(),
        NameIDFormat: namespace.format[initSetting.logoutNameIDFormat] || namespace.format.emailAddress,
        NameID: user.logoutNameID,
        SessionIndex: user.sessionIndex,

@13Nunes

13Nunes commented Jan 21, 2020

I'm waiting for a logout example.

@aagirusairam

@tngan, does samlify support IDP-logout? If yes, can you please provide me an example of it? If not, when can I expect it to be part of a samlify release?

@archerbj

archerbj commented Jul 21, 2020

samlify Version: 2.7.4

@franklinjjeng @tngan It seems samlify is already able to create a logout request including the SessionID, but I still have no idea how to do it. Could you please provide an example of it?
Simply feeding the session index to sp.createLogoutRequest doesn't work; the output context is still missing the sessionID.

    let userInfo = {
      logoutNameID: userName,
      sessionIndex: session.sessionID
    };
    let { relayState, type, entityEndpoint, id, context } = sp.createLogoutRequest(idp, "redirect", userInfo);

    <samlp:LogoutRequest 
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
        ID="_c063b219-f6e3-42af-a285-5f8602ff1458" 
        Version="2.0" 
        IssueInstant="2020-07-21T09:49:07.903Z" 
        Destination="http://localhost:8080/auth/realms/demo/protocol/saml">
        <saml:Issuer>https://localhost:9090/samlify/metadata</saml:Issuer>
        <saml:NameID 
            Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">email@xx.com
        </saml:NameID>
    </samlp:LogoutRequest>

@franklinjjeng
Contributor Author

Unfortunately I don't have access to the code base that I built this with, but looking at past conversations, it looks like you need to create a custom template for the sessionId to appear.

https://samlify.js.org/#/template?id=custom-templates
#197 (comment)
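
An added example, not part of the thread and not samlify's own code: it shows why a value passed for the session index disappears when the template has no placeholder for it, and how a custom template with a `<samlp:SessionIndex>` element fixes that. `fillTemplate`, the `{Tag}` placeholder syntax and the sample values are assumptions made for illustration; the base template is modelled on the LogoutRequest posted above.

```javascript
// Added illustration; fillTemplate is a hypothetical stand-in, not samlify's API.
const escapeXml = (s) => String(s).replace(/[&<>"']/g, (c) => ({
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&apos;',
}[c]));

// Replace each {Tag} with its XML-escaped value. Values that have no matching
// placeholder are dropped from the output, so they are reported as `unused`.
function fillTemplate(template, values) {
  const used = new Set();
  const xml = template.replace(/\{(\w+)\}/g, (match, tag) => {
    if (!Object.prototype.hasOwnProperty.call(values, tag)) return match;
    used.add(tag);
    return escapeXml(values[tag]);
  });
  const unused = Object.keys(values).filter((k) => !used.has(k));
  return { xml, unused };
}

// Template shaped like the request posted above: no SessionIndex placeholder.
const withoutSessionIndex =
  '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' +
  'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="{ID}" Version="2.0" ' +
  'IssueInstant="{IssueInstant}" Destination="{Destination}">' +
  '<saml:Issuer>{Issuer}</saml:Issuer>' +
  '<saml:NameID Format="{NameIDFormat}">{NameID}</saml:NameID>' +
  '</samlp:LogoutRequest>';

// Custom template: the same request plus the SessionIndex element after NameID.
const withSessionIndex = withoutSessionIndex.replace(
  '</saml:NameID>',
  '</saml:NameID><samlp:SessionIndex>{SessionIndex}</samlp:SessionIndex>'
);

// Constructed sample values (not taken from a real session).
const sampleValues = {
  ID: '_example-id',
  IssueInstant: '2020-07-21T09:49:07.903Z',
  Destination: 'http://localhost:8080/auth/realms/demo/protocol/saml',
  Issuer: 'https://localhost:9090/samlify/metadata',
  NameIDFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
  NameID: 'email@xx.com',
  SessionIndex: 'constructed-session-index',
};

const before = fillTemplate(withoutSessionIndex, sampleValues);
const after = fillTemplate(withSessionIndex, sampleValues);
console.log('dropped without placeholder:', before.unused, 'with:', after.unused);
```

Checking the `unused` list before signing and sending the request catches a silently dropped session index at build time rather than at the IdP.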

@netmiller

netmiller commented Feb 2, 2021

Does anyone have a working example for createLogoutRequest, or any advice? I can't find a solution. My IdP is a Shibboleth instance, but I don't have access to check how it should work.

@netmiller

Wondering why this issue is closed? The documentation seems to be missing these examples, etc.
