Development #11422
On logout return success even if no logout can be done (no session exists)
Statut:
Fermé
Priorité:
Normal
Assigné à:
Gestion d'identité
Catégorie:
SAML
Version cible:
-
Début:
18 juin 2016
Echéance:
% réalisé:
0%
Temps estimé:
Patch proposed:
Non
Planning:
Description
We can log a warning, but it's useless to return a Responder error to the requesting service provider as it is meaningless for it.
Historique
Mis à jour par Benjamin Dauvergne il y a presque 8 ans
It produces such errors on django-mellon enabled sites:
unable to process a logout response ProfileStatusNotSuccessError()¶
¶
Request repr():•¶
<WSGIRequest¶
path:/accounts/mellon/logout/,¶
GET:<QueryDict: {u'SigAlg': [u'http://www.w3.org/2000/09/xmldsig#rsa-sha1'], u'SAMLResponse': [u'xxx'], u'RelayState': [u'/'], u'Signature': [u'A6bKjREfAfid+z7dvWKJ6CStic5LwCKE0bYXZq3sE3EzKI6D39N8y7O6WGjh7c8N3s92kMDgYfauZyhLBnoX84qP8fUunYeFycg4c1INlMQ1Vif+iwWxNYhmgDFtZYVyiA9f2U+DzzeZnUaG0I9hggJc24aeIH/Jq9mxk4aIQTU=']}>,¶
POST:<QueryDict: {}>,¶
COOKIES:{},¶
META:{u'CSRF_COOKIE': u'PiPG1D9Ave93pN4i3vInwDYjN3EeqyQP',¶
'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',¶
'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',¶
'HTTP_ACCEPT_LANGUAGE': 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3',¶
'HTTP_CONNECTION': 'close',¶
'HTTP_HOST': 'xxx',¶
'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0',¶
'HTTP_X_FORWARDED_FOR': 'xxx',¶
'HTTP_X_FORWARDED_PROTO': 'https',¶
'HTTP_X_FORWARDED_PROTOCOL': 'ssl',¶
'HTTP_X_FORWARDED_SSL': 'on',¶
'HTTP_X_REAL_IP': 'xxx',¶
'PATH_INFO': u'/accounts/mellon/logout/',¶
'QUERY_STRING': 'SAMLResponse=xxx',¶
Decoded SAML response is:
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_87612993FA948F440946D2136A962A2D" InResponseTo="_CF2CA75499393BC3D65969F403720EBD" Version="2.0" IssueInstant="2016-06-18T07:28:36Z" Destination="https://xxx/accounts/mellon/logout/"><saml:Issuer>https://xxx/idp/saml2/metadata</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><samlp:StatusCode Value="http://authentic.entrouvert.org/status_code/UnknownSession"/></samlp:StatusCode></samlp:Status></samlp:LogoutResponse>
Mis à jour par Benjamin Dauvergne il y a plus de 6 ans
- Statut changé de Nouveau à Résolu (à déployer)
Corrigé coté mellon par:
commit aaedfde78674452b9e0d4d035a2cd4f24e2e6376
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Mon Jun 20 17:42:17 2016 +0200
views: gracefully handle logout errors (fixes #11449)
plus d'actualité, authentic fait le job en retournant une erreur SAML.
Mis à jour par Benjamin Dauvergne il y a plus de 6 ans
- Statut changé de Résolu (à déployer) à Fermé