Error calling Saml2Auth::logout() #34

Open
dmyers opened this issue Sep 8, 2022 · 2 comments · May be fixed by #38

@dmyers
Contributor

dmyers commented Sep 8, 2022

I followed the readme and get this error in my Laravel app when trying to log out. I placed Saml2Auth::logout() right after Auth::logout().

    OneLogin\Saml2\Error
    Settings file not found: /var/www/html/vendor/onelogin/php-saml/settings.php

Have you seen this before? I wasn't sure how to fix it.

Am I doing something wrong, or should I be setting the tenant somehow? If so, I'm not sure how best to do that: whether I need to store the tenant in a session myself or call something in the package. It seems that the routes defined in the package have a route resolver that my logout route wouldn't have.

@dmyers
Contributor Author

dmyers commented Sep 8, 2022

Upon more research, it does seem that in order to use that we have to first resolve a tenant and bootstrap a OneLoginBuilder instance. Is there a way to do that using built-in package support, without extending a lot? It also seems that we still need to track the current tenant in that case, unless I'm missing something. It would be nice if the package could abstract the majority of this from the application in terms of implementation.

It also seems, from research in a few other repos, that in order to perform a global SLO, the nameId, sessionIndex, nameIdFormat attributes are persisted in session or cookie and sent along with the request:

@dmyers dmyers linked a pull request Sep 15, 2022 that will close this issue
@ghost

ghost commented Jul 25, 2023

Not sure if this helps anyone, but I handle this a different way.

When the user logs in, I store the UUID of the tenant that authenticated in the session. I do this in the event listener that runs the auth logic once a tenant sends back the handshake.

    // Store the saml2_uuid in the session
    session()->forget('saml2_uuid');
    session()->put('saml2_uuid', $tenant->uuid);

Then when the user logs out, I just redirect them manually with the stored UUID.

    /**
     * Custom logout logic to notify the IDP of the logout
     *
     * @param Request $request
     *
     * @return \Illuminate\Http\RedirectResponse
     */
    public function logout(Request $request)
    {
        $saml2_uuid = session()->get('saml2_uuid');

        $user_is_sso = Auth::user()->is_sso;

        Auth::logout();

        $request->session()->invalidate();
        $request->session()->regenerateToken();

        if ($user_is_sso && $saml2_uuid) {
            // Now, redirect to SAML2 IdP logout
            return redirect()->route('saml.logout', [
                'uuid' => $saml2_uuid
            ]);
        } else {
            return redirect('login');
        }
    }
