Development #11422
On logout return success even if no logout can be done (no session exists)
Status: Closed
Priority: Normal
Assigned to: Identity management
Category: SAML
Target version: -
Start date: 18 June 2016
Due date:
% Done: 0%
Estimated time:
Patch proposed: No
Planning:
Description
We can log a warning, but it's useless to return a Responder error to the requesting service provider as it is meaningless for it.
History
Updated by Benjamin Dauvergne almost 8 years ago
It produces such errors on django-mellon enabled sites:
unable to process a logout response ProfileStatusNotSuccessError()

Request repr():
<WSGIRequest
path:/accounts/mellon/logout/,
GET:<QueryDict: {u'SigAlg': [u'http://www.w3.org/2000/09/xmldsig#rsa-sha1'], u'SAMLResponse': [u'xxx'], u'RelayState': [u'/'], u'Signature': [u'A6bKjREfAfid+z7dvWKJ6CStic5LwCKE0bYXZq3sE3EzKI6D39N8y7O6WGjh7c8N3s92kMDgYfauZyhLBnoX84qP8fUunYeFycg4c1INlMQ1Vif+iwWxNYhmgDFtZYVyiA9f2U+DzzeZnUaG0I9hggJc24aeIH/Jq9mxk4aIQTU=']}>,
POST:<QueryDict: {}>,
COOKIES:{},
META:{u'CSRF_COOKIE': u'PiPG1D9Ave93pN4i3vInwDYjN3EeqyQP',
'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br',
'HTTP_ACCEPT_LANGUAGE': 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3',
'HTTP_CONNECTION': 'close',
'HTTP_HOST': 'xxx',
'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0',
'HTTP_X_FORWARDED_FOR': 'xxx',
'HTTP_X_FORWARDED_PROTO': 'https',
'HTTP_X_FORWARDED_PROTOCOL': 'ssl',
'HTTP_X_FORWARDED_SSL': 'on',
'HTTP_X_REAL_IP': 'xxx',
'PATH_INFO': u'/accounts/mellon/logout/',
'QUERY_STRING': 'SAMLResponse=xxx',
Decoded SAML response is:
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                      ID="_87612993FA948F440946D2136A962A2D"
                      InResponseTo="_CF2CA75499393BC3D65969F403720EBD"
                      Version="2.0"
                      IssueInstant="2016-06-18T07:28:36Z"
                      Destination="https://xxx/accounts/mellon/logout/">
  <saml:Issuer>https://xxx/idp/saml2/metadata</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="http://authentic.entrouvert.org/status_code/UnknownSession"/>
    </samlp:StatusCode>
  </samlp:Status>
</samlp:LogoutResponse>
Updated by Benjamin Dauvergne more than 6 years ago
- Status changed from New to Resolved (to be deployed)
Fixed on the mellon side by:
commit aaedfde78674452b9e0d4d035a2cd4f24e2e6376
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date:   Mon Jun 20 17:42:17 2016 +0200

    views: gracefully handle logout errors (fixes #11449)
No longer relevant, authentic does the job by returning a SAML error.
Updated by Benjamin Dauvergne more than 6 years ago
- Status changed from Resolved (to be deployed) to Closed
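Added example, not code from django-mellon or authentic: a service-provider-side check that reads the two StatusCode levels of a LogoutResponse like the one quoted in this ticket and treats Responder/UnknownSession as a warning rather than a failure. It assumes the signature, Destination and InResponseTo were already verified by the SAML library; the function names and the sample message are constructed for illustration.

```python
import logging
import xml.etree.ElementTree as ET

P = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder"
UNKNOWN_SESSION = "http://authentic.entrouvert.org/status_code/UnknownSession"
log = logging.getLogger("sp.logout")  # hypothetical logger name

# Constructed sample modelled on the response quoted in the ticket.
SAMPLE = (
    '<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    'InResponseTo="_constructed2" Version="2.0" IssueInstant="2016-06-18T07:28:36Z" '
    'Destination="https://sp.example/accounts/mellon/logout/">'
    '<saml:Issuer>https://idp.example/idp/saml2/metadata</saml:Issuer>'
    '<samlp:Status><samlp:StatusCode Value="%s">'
    '<samlp:StatusCode Value="%s"/>'
    '</samlp:StatusCode></samlp:Status></samlp:LogoutResponse>'
) % (RESPONDER, UNKNOWN_SESSION)


def status_codes(xml_text):
    """Return (top_level, second_level) StatusCode values of a LogoutResponse."""
    if "<!DOCTYPE" in xml_text:  # SAML messages never need a DTD; refuse entity tricks
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != P + "LogoutResponse":
        raise ValueError("not a LogoutResponse")
    top = root.find(P + "Status/" + P + "StatusCode")
    if top is None:
        raise ValueError("missing Status/StatusCode")
    sub = top.find(P + "StatusCode")
    return top.get("Value"), (sub.get("Value") if sub is not None else None)


def logout_outcome(xml_text):
    """Classify an already-verified response: 'success', 'no-session' or 'error'."""
    top, sub = status_codes(xml_text)
    if top == SUCCESS:
        return "success"
    if top == RESPONDER and sub == UNKNOWN_SESSION:
        # The IdP had no session to end: finish the local logout, keep a trace.
        log.warning("IdP reported no session for this logout request")
        return "no-session"
    log.error("logout failed at IdP: %s / %s", top, sub)
    return "error"
```

Any other status, including a Responder code without the UnknownSession sub-code, still comes back as "error" so that real logout failures are not silently reported as successful.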