rootinc/laravel-saml2-middleware

/logout error 404

Closed this issue · 2 comments

Hello,
I have just implemented your middleware, everything works well, right down to the logout.

Indeed this one finishes, on an error 404 for the route: /logout/saml2callback
Here is the extension I made, very close to your example:
AppSaml2.php

<?php

namespace App\Http\Middleware;

use App\Http\MaitrePylos\Filter;
use App\User;
use Auth;
use RootInc\LaravelSaml2Middleware\Saml2;

class AppSaml2 extends Saml2
{
    private $token = null;
    private $profile = null;
    private $filtre = null;

    public function __construct(Filter $filtre)
    {
        parent::__construct();
        $this->filtre = $filtre;
    }

    /**
     * Handler that is called when a successful login has taken place for the first time
     *
     * @param \Illuminate\Http\Request $request
     * @param String $token
     * @param mixed $profile
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|mixed
     */
    protected function success($request, $token, $profile)
    {
        $this->token = $token;
        $this->profile = $profile;


        $user = User::updateOrCreate(['email' => $token], [
            'name' => $this->getUsername(),
        ]);

        Auth::login($user, true);

        return parent::success($request, $token, $profile);
    }

    public function getUsername()
    {
        [$name, $dns] = explode('@', $this->token);
        return $name;
    }
}

My routes:
web.php

Route::get('/login', '\App\Http\Middleware\AppSaml2@saml2')->name('login');
Route::get('/saml2/metadata', '\App\Http\Middleware\AppSaml2@saml2metadata');
Route::post('/login/saml2callback', '\App\Http\Middleware\AppSaml2@saml2callback');
Route::get('/logout', '\App\Http\Middleware\AppSaml2@saml2logout')->name('logout');
Route::post('/logout/logoutcallback', '\App\Http\Middleware\AppSaml2@logoutcallback');

I'm going around in circles, do you have any leads?
Thank you very much.

Hi @maitrepylos

> Indeed this one finishes, on an error 404 for the route: /logout/saml2callback

Based on what is supplied in the web.php, I think we want to use /logout/logoutcallback instead of /logout/saml2callback. My guess is the IdP was configured with /logout/saml2callback instead of /logout/logoutcallback.

Let us know if that solves your issue.

Hello, while applying your proposal, I came across another mistake:

OneLogin\Saml2\Error
SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding

So I looked into the error, and it turns out that the processSLO() method of the class OneLogin\Saml2\Auth.php checks only $_GET['SAMLResponse'], whereas my SSO provider (wso2) only returns POST.

So I added this:

        if (!empty($_POST['SAMLResponse'])) {
            $_GET['SAMLResponse'] = $_POST['SAMLResponse'];
        }

in AppSaml2\logoutcallback

And it works well.

Thank you for your help.

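A stricter form of the workaround in the last comment, as an added example that is not code from the package or from this thread: it copies the POSTed SAMLResponse into the GET array only when the request is a POST and the value decodes to a `samlp:LogoutResponse`. The function names are hypothetical and the sample messages are constructed.

```php
<?php
// Added example, not code from the package or from this thread.
const SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol';

// HTTP-Redirect sends base64(DEFLATE(xml)); HTTP-POST sends base64(xml).
function decodeSamlMessage(string $param): ?DOMDocument
{
    $raw = base64_decode($param, true);           // strict: reject non-base64 input
    if ($raw === false || $raw === '') {
        return null;
    }
    $inflated = @gzinflate($raw);                 // works only for Redirect-style payloads
    $xml = ($inflated !== false) ? $inflated : $raw;
    if ($xml === '' || stripos($xml, '<!DOCTYPE') !== false) {
        return null;                              // refuse empty input and DTDs (entity tricks)
    }
    $doc = new DOMDocument();
    return @$doc->loadXML($xml, LIBXML_NONET) ? $doc : null;
}

// Hypothetical helper: copy a POSTed LogoutResponse into $get, shape-checked first.
function bridgePostedLogoutResponse(string $method, array $post, array &$get): bool
{
    $value = $post['SAMLResponse'] ?? null;
    if (strtoupper($method) !== 'POST' || !is_string($value) || isset($get['SAMLResponse'])) {
        return false;                             // wrong verb, missing field, or GET already set
    }
    $doc  = decodeSamlMessage($value);
    $root = $doc ? $doc->documentElement : null;
    if ($root === null || $root->namespaceURI !== SAMLP_NS || $root->localName !== 'LogoutResponse') {
        return false;                             // not a SAML 2.0 LogoutResponse
    }
    $get['SAMLResponse'] = $value;
    return true;
}

// Constructed samples (unsigned, for illustration only).
$ok  = base64_encode('<samlp:LogoutResponse xmlns:samlp="' . SAMLP_NS . '" ID="_constructed" Version="2.0"/>');
$bad = base64_encode('<html/>');
$get1 = [];
$get2 = [];
var_dump(bridgePostedLogoutResponse('POST', ['SAMLResponse' => $ok], $get1));
var_dump(bridgePostedLogoutResponse('POST', ['SAMLResponse' => $bad], $get2));
var_dump(isset($get1['SAMLResponse']), isset($get2['SAMLResponse']));
```

In `logoutcallback` this would be called as `bridgePostedLogoutResponse($_SERVER['REQUEST_METHOD'], $_POST, $_GET)` before the SLO processing. It checks shape only and verifies no signature, so whether the message is authenticated still depends on what the SAML library validates after the copy.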