generated LogoutRequest is not compliant with the "regole tecniche" #2 #32

Description

@simevo

LogoutRequest also not compliant:

<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                     ID="ONELOGIN_4dc8ccb81114cefe1d3f695123b02ddf85c51be4"
                     Version="2.0"
                     IssueInstant="2018-08-11T08:57:28Z"
                     Destination="https://idp.simevo.com/slo">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
               NameQualifier="http://sp2.simevo.com:8000">http://sp2.simevo.com:8000</saml:Issuer>
  <saml:NameID SPNameQualifier="http://sp2.simevo.com:8000"
               Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idp.simevo.com</saml:NameID>
</samlp:LogoutRequest>

testenv2 reports:

| Elemento | Dettagli errore |
| --- | --- |
| saml:NameID | NameQualifier: L'attributo è obbligatorio; Format: urn:oasis:names:tc:SAML:2.0:nameid-format:entity è diverso dal valore di riferimento urn:oasis:names:tc:SAML:2.0:nameid-format:transient |


no need to patch this time, this is the fix that goes in src/Strategy/SpOneLogin.php around line 166:

+       $nameId = $this->idpName;
+       $nameIdFormat = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';
+       $nameIdNameQualifier = $this->idpName;
+       $sloBuiltUrl = $this->auth->logout(null, array(), $nameId, null, true, $nameIdFormat, $nameIdNameQualifier);
-       $sloBuiltUrl = $this->auth->logout(null, array(), null, null, true);
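Review bot: The added `$nameId = $this->idpName;` puts the IdP's name into the NameID value, but the NameID of a LogoutRequest identifies the principal whose session is being ended, so the request does not say which user to log out. Pass the NameID received at login as the third argument, and the session index as the fourth argument (still `null` here), keeping `$this->idpName` only for `$nameIdNameQualifier`. A one-line comment noting that the transient Format and the NameQualifier are what the testenv2 report asks for would also help the next reader.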

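The two NameID findings in the testenv2 report can be turned into a regression check on the generated request. This is an added example, not code from this project or from testenv2; the function name `check_logout_nameid` and the corrected sample request are constructed for illustration, and only the two rules quoted in the report are checked.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# LogoutRequest from the issue, whitespace condensed; %s holds the NameID attributes.
TEMPLATE = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="ONELOGIN_4dc8ccb81114cefe1d3f695123b02ddf85c51be4" Version="2.0" '
    'IssueInstant="2018-08-11T08:57:28Z" Destination="https://idp.simevo.com/slo">'
    '<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" '
    'NameQualifier="http://sp2.simevo.com:8000">http://sp2.simevo.com:8000</saml:Issuer>'
    '<saml:NameID %s>https://idp.simevo.com</saml:NameID>'
    '</samlp:LogoutRequest>'
)

# NameID attributes exactly as reported in the issue.
REPORTED = TEMPLATE % (
    'SPNameQualifier="http://sp2.simevo.com:8000" '
    'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"'
)
# Constructed sample with the two attributes the report asks for.
FIXED = TEMPLATE % ('NameQualifier="https://idp.simevo.com" Format="%s"' % TRANSIENT)


def check_logout_nameid(xml_text):
    """Return findings for saml:NameID in a LogoutRequest your own SP generated.

    xml.etree is used because the input is self-generated; parse XML received
    from other parties with a hardened parser such as defusedxml instead.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}LogoutRequest" % SAMLP:
        return ["root element is not samlp:LogoutRequest"]
    name_id = root.find("{%s}NameID" % SAML)
    if name_id is None:
        return ["saml:NameID: element is missing"]
    findings = []
    if not name_id.get("NameQualifier"):
        findings.append("saml:NameID NameQualifier: attribute is required")
    fmt = name_id.get("Format")
    if fmt != TRANSIENT:
        findings.append("saml:NameID Format: %s differs from %s" % (fmt, TRANSIENT))
    return findings


if __name__ == "__main__":
    for label, doc in (("reported", REPORTED), ("fixed", FIXED)):
        print(label, check_logout_nameid(doc) or "no findings")
```
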