simplesamlphp
Single Logout should be propagated from SP to IdP
SimpleSAMLphp, when used as a proxy, does not properly propagate SLO requests from upstream Identity Providers. Received on its SP endpoint, they will simply terminate the SP session.
So in a given setup:
An SLO request from an "Our SP" will be propagated to the "Their SPs", but an SLO request from a "Their SP" will not be propagated to the "Our SPs".
See: https://groups.google.com/forum/#!topic/simplesamlphp/4Bm42hYfGjI
Unfortunately, work on this has halted due to budget constraints. A patch was developed on the master branch (post 1.12, pre 2.0 / 1.13), backported to 1.10 and verified with the IST setup. However, it was limited in scope to the current issue and used components which are scheduled for removal in the upcoming version.
Discussion on this can be found here: https://groups.google.com/forum/#!topic/simplesamlphp-dev/atyXnJYIEXw