Single Logout does not kill the SimpleSAMLPhp session

[sandeepdr]

With this module, sign in works perfectly fine (both Active Directory and OTP). For single logout, SimpleSAMLPhp do send a "success" logout message to service provider but when accessed the same URL , it directly takes to OTP page bypassing the login page for AD authentication. SimpleSAMLPhp is Identity provider in my case.

Expected Result: SimpleSAMLPhp should throw login page.
Current Result: SimpleSAMLPhp bypasses the login page and takes to OTP page.

[sitya]

Thanks, I can deal with it in January.

[omarpr]

Hello, any update with this? I tried fixing this issue for two hours and had no luck. I don't know the internals of simplesamlphp and this module. Can you help?

FYI. I started trying to replace this (on login.php):

SimpleSAML_Auth_Default::initLogin($as['mainAuthSource'], SimpleSAML_Utilities::selfURL());

With...

$ass = SimpleSAML_Auth_Source::getById($authId);
$ass->initLogin(SimpleSAML_Utilities::selfURL());

It didn't worked with the change I made. I did that because I was reading that SimpleSAML_Auth_Default::initLogin is deprecated. We are using Single Log Out (initSLO.php) and as I see in the flow of simplesamlphp, it never calls this module for logging out. So I thought that maybe the problem is how this module creates the session and how it authenticates the user.

My two cents.

[northway]

If you can create a proper pull request, it will be merged.

[vijaygodhasara]

I have resolved a single logout issue. as we need to do a chaining logout process. issue like it will logout from authtfaga state but it will not logout to mainauthsource.

Need to add below method in "authtfaga.php" file

public function logout(&$returnTo) {
       $as = SimpleSAML_Configuration::getConfig('authsources.php')->getValue($this->authId);
       $authSource = new \SimpleSAML\Auth\Simple($as['mainAuthSource']);
       $authSource->logout($returnTo);
       \SimpleSAML\Session::getSessionFromRequest()->cleanup();
}