
Add SLO support

Open deepakprabhakara opened this issue 3 years ago • 1 comments

From dnoliver:

Found a bug? Please fill out the sections below. 👍

Issue Summary

A summary of the issue. This needs to be a clear detailed-rich summary.

Not sure if this is a bug! I am trying to use https://mocksaml.com as a mock for my IdP for single sign-on and single logout. I am using the metadata URL to configure my SAML library, https://github.com/SAML-Toolkits/python3-saml. So because the https://mocksaml.com metadata file doesn't have an SLO item, my lib tells me that SLO is not supported by the IdP (which makes sense). But I also found some PRs and issues resolved related to SLO (https://github.com/boxyhq/jackson/pull/128, and https://github.com/boxyhq/saml20/issues/14), so I wanted to check if this is something that should be supported but it's just missing from the public metadata file.

Steps to Reproduce

Well, for me, this is how I implemented SLO with the library I referenced. The last line of the snippet throws: onelogin.saml2.errors.OneLogin_Saml2_Error: The IdP does not support Single Log Out

    from onelogin.saml2.auth import OneLogin_Saml2_Auth
    from onelogin.saml2.idp_metadata_parser import OneLogin_Saml2_IdPMetadataParser

    def logout(self, request):
        """Initialize SAML logout"""
        req = self.__prepare_tornado_request(request)
        idp_data = OneLogin_Saml2_IdPMetadataParser.parse_remote(
            self.saml_idp_metadata, timeout=5
        )
        self.saml_settings["idp"] = idp_data["idp"]
        auth = OneLogin_Saml2_Auth(req, self.saml_settings)
        return auth.logout(name_id=None, session_index=None)

But also, a simple way to show this problem is just to go to https://mocksaml.com/api/saml/metadata, and check for the following missing properties:

    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="<URL>"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="<URL>"/>

Any other relevant information. For example, why do you consider this a bug and what did you expect to happen instead?

I consider this a bug because I couldn't find docs saying whether mocksaml supports SLO or not, but I could find PRs and issues referencing the support for SLO. Maybe a "this service doesn't support SLO" would be nice if that is the expectation.

Technical details

  • Browser version: You can use https://www.whatsmybrowser.org/ to find this out.: Chrome 120
  • Node.js version: N/A (not using this as a lib, I'm using the service)
  • Anything else that you think could be an issue.

Thanks for doing this! It has been super helpful to develop and test SAML integration so far!

deepakprabhakara, Apr 10 '22 23:04
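Added example, not part of the original issue and not code from mock-saml or python3-saml: a standard-library check that reads IdP metadata for `SingleLogoutService` entries before logout is attempted, so a service provider can fall back to ending only its own session instead of raising. The sample metadata, the `idp.example.test` URLs, the function names and the Redirect-before-POST preference are assumptions of this example.

```python
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata (not copied from mocksaml.com); URLs are placeholders.
TEMPLATE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    {slo}
    <SingleSignOnService Binding="{redirect}" Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
SLO_LINES = (
    '<SingleLogoutService Binding="%s" Location="https://idp.example.test/slo"/>' % REDIRECT
    + '<SingleLogoutService Binding="%s" Location="https://idp.example.test/slo-post"/>' % POST
)
IDP_WITHOUT_SLO = TEMPLATE.format(slo="", redirect=REDIRECT)
IDP_WITH_SLO = TEMPLATE.format(slo=SLO_LINES, redirect=REDIRECT)


def slo_endpoints(metadata_xml):
    """Return {binding: location} for each SingleLogoutService of the IdP."""
    # For metadata from a source you do not control, use a hardened parser
    # such as defusedxml instead of plain ElementTree.
    root = ET.fromstring(metadata_xml)
    endpoints = {}
    for svc in root.iterfind(".//md:IDPSSODescriptor/md:SingleLogoutService", MD_NS):
        binding, location = svc.get("Binding"), svc.get("Location")
        if binding and location:
            endpoints[binding] = location
    return endpoints


def logout_plan(metadata_xml, preferred=(REDIRECT, POST)):
    """Pick an SLO endpoint, or fall back to ending only the local SP session."""
    endpoints = slo_endpoints(metadata_xml)
    for binding in preferred:
        if binding in endpoints:
            return ("slo", binding, endpoints[binding])
    # No SLO advertised: clear the SP session anyway. The IdP session stays
    # alive, so the next SSO attempt may sign the user back in without a prompt.
    return ("local", None, None)


if __name__ == "__main__":
    print(logout_plan(IDP_WITHOUT_SLO))
    print(logout_plan(IDP_WITH_SLO))
```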

Any update on this?

Stunext, Apr 22 '23 17:04