SLO not redirecting to specified URL ($auth->logout($returnTo);)
it-esfl opened this issue · 3 comments
Hi there,
is it normal behavior that an SLO with $auth->logout($returnTo); does not redirect to the named URL?
In my case after a successful SLO (sessions are cleared correctly) it just says "Sucessfully logged out" (the URL in the browser in my case is index.php?sls&SAMLResponse=XXX&RelayState=correct_URL&....). So it seems that the URL from RelayState is not applied. Is this a known behavior or possibly a misconfiguration?
Many thanks in advance!
We are running into the same issue. Did you find anything?
I'm facing the same issue, any update? @it-esfl
@it-esfl, @MitchTalmadge, @farahalrabee2
If you are using the code of demo1:
```php
else if (isset($_GET['sls'])) {
    // Recover the ID of the LogoutRequest this SP sent, if any
    if (isset($_SESSION) && isset($_SESSION['LogoutRequestID'])) {
        $requestID = $_SESSION['LogoutRequestID'];
    } else {
        $requestID = null;
    }
    $auth->processSLO(false, $requestID);
    $errors = $auth->getErrors();
    if (empty($errors)) {
        echo '<p>Sucessfully logged out</p>';
    } else {
        echo '<p>' . htmlentities(implode(', ', $errors)) . '</p>';
        if ($auth->getSettings()->isDebugActive()) {
            echo '<p>' . htmlentities($auth->getLastErrorReason()) . '</p>';
        }
    }
}
```
Such code, in case of success on an SP-initiated Single Logout process, ends up printing the "Sucessfully logged out" message that you mention. But this is just a demo.
You could improve the code and take care of the redirection. Ideally, for UX, first notify the user about the logout action and then redirect, for example:
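```php
echo '<p>Sucessfully logged out</p>';
if (isset($_GET['RelayState'])) {
    // Add code to confirm RelayState is a trusted URL before redirecting
    // json_encode with the JSON_HEX_* flags emits a safely quoted JS string literal
    $target = json_encode(
        (string) $_GET['RelayState'],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    echo '
<script>
setTimeout(function () {
    window.location.href = ' . $target . ';
}, 5000);
</script>
';
}
```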
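One way to implement the trusted-URL check that the comment in the snippet above leaves open, as an added example that is not part of the original thread or of the toolkit's code. The function name `safeRelayState`, the allowlist and the sample values are assumptions made for illustration.

```php
<?php
// Added example; safeRelayState(), the allowlist and the sample values are constructed.

function safeRelayState($relayState, array $allowedHosts, string $fallback): string
{
    // Repeated query parameters arrive as arrays; only a non-empty string is usable.
    if (!is_string($relayState) || $relayState === '') {
        return $fallback;
    }
    // Whitespace and control characters enable header injection; browsers may treat "\" as "/".
    if (preg_match('/[\x00-\x20\x7F\\\\]/', $relayState)) {
        return $fallback;
    }
    // Same-site path: one leading slash only, so "//other.example" is refused.
    if (preg_match('#^/(?!/)#', $relayState)) {
        return $relayState;
    }
    $parts = parse_url($relayState);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    // Refuse userinfo ("https://sp.example.com@other.example/") and non-https schemes.
    if (isset($parts['user']) || isset($parts['pass'])
        || strtolower($parts['scheme']) !== 'https') {
        return $fallback;
    }
    // Exact host match against the allowlist, no suffix or substring matching.
    return in_array(strtolower($parts['host']), $allowedHosts, true) ? $relayState : $fallback;
}

$allowedHosts = ['sp.example.com'];           // constructed allowlist
$samples = [                                  // constructed RelayState values
    '/dashboard',
    'https://sp.example.com/home?tab=1',
    '//other.example/path',
    'https://sp.example.com@other.example/',
    'https://sp.example.com.other.example/',
    'http://sp.example.com/',
    "https://sp.example.com/\r\nX-Injected: 1",
];
foreach ($samples as $sample) {
    printf("%-46s => %s\n", json_encode($sample), safeRelayState($sample, $allowedHosts, '/'));
}
// In the sls branch, after processSLO() returns without errors:
//   header('Location: ' . safeRelayState($_GET['RelayState'] ?? null, $allowedHosts, '/'));
//   exit;
```

Only the first two samples are returned unchanged; every other value falls back to `/`.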