What happened?
The user gets the following error after pressing the logout button: Expected one of: "saml2". Got "saml1" (Please see image below)
This is what we see in the live Apache logs on the server when logging IN/OUT; there's a 404:
```
172.70.91.215 - - [17/Sep/2024:07:56:05 +0100] "POST /auth/saml2/sp/saml2-acs.php/training.ccea.org.uk HTTP/1.1" 303 736
172.70.91.215 - - [17/Sep/2024:07:56:05 +0100] "GET /login/index.php?saml=on HTTP/1.1" 303 1507
172.70.91.215 - - [17/Sep/2024:07:56:05 +0100] "GET /my/courses.php HTTP/1.1" 200 81664
172.70.91.215 - - [17/Sep/2024:07:56:06 +0100] "POST /lib/ajax/service.php?sesskey=KEZ0Mmd04W&info=media_videojs_get_language HTTP/1.1" 200 4531
141.101.99.206 - - [17/Sep/2024:07:56:06 +0100] "POST /lib/ajax/service.php?sesskey=KEZ0Mmd04W&info=local_edwiserreports_get_plugin_config HTTP/1.1" 200 52
141.101.99.206 - - [17/Sep/2024:07:56:06 +0100] "POST /lib/ajax/service.php?sesskey=KEZ0Mmd04W&info=local_edwiserreports_complete_edwiserreports_installation HTTP/1.1" 200 53
141.101.99.206 - - [17/Sep/2024:07:56:06 +0100] "POST /lib/ajax/service.php?sesskey=KEZ0Mmd04W&info=theme_remui_get_myoverviewcourses HTTP/1.1" 200 10604
141.101.99.205 - - [17/Sep/2024:07:56:18 +0100] "GET /login/logout.php?sesskey=KEZ0Mmd04W HTTP/1.1" 404 57723
```
We asked the company that provides the AD FS service to us for help debugging this and they can't see any communication on logout.
I think maybe there is something else that needs to be implemented in order for this to close the session properly and redirect the user back to the login page.
We are using SAML2, not 1, so why is it failing and pointing here:
```php
$logoutState = [
    'saml:logout:Type' => 'saml1',
];
```
\auth\saml2.extlib\simplesamlphp\modules\saml\src\Controller\ServiceProvider.php
We recently migrated to a new server:
RHEL 9.4, Moodle 4.2.9, auth_saml2: 2024071101
On the previous server, the logout seemed to be working as it would redirect the user, but with further testing we noticed that the session was kept alive. Details of the previous server:
CentOS 7, Moodle 4.1.9, auth_saml2: 2022111701
With similar MariaDB 10 and PHP 8.1
We have also tested Session Handling on Moodle, using the timeout to make the user log in again, but it only actually kills the session correctly for manual accounts. If we click on cancel to close the pop-up and click back on something inside Moodle, we can navigate again. So, that just finished the Moodle session, not the one related to SAML2.
Could someone point us in the right direction to test this or implement something to help redirect and kill the session correctly, sending the proper logout request?
What you expected:
I expect the user to be redirected to the login page and the session to be closed. So, if another user clicks the login button, he is prompted to log in again, not being able to log in through someone else's session.
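A log check for the failure described in this issue, added here as an example and not part of the original report or the plugin's code: it correlates requests by Moodle `sesskey` (the client IPs in the excerpt differ between requests) and flags logout requests that did not end in a redirect, counting any later successful requests on the same key. The rule that a working logout answers with a 3xx status is an assumption, and the last sample line is constructed for illustration.

```python
import re

# Lines copied from the Apache excerpt in this issue.
PAGE_LINES = [
    '172.70.91.215 - - [17/Sep/2024:07:56:05 +0100] "GET /login/index.php?saml=on HTTP/1.1" 303 1507',
    '172.70.91.215 - - [17/Sep/2024:07:56:06 +0100] "POST /lib/ajax/service.php?sesskey=KEZ0Mmd04W&info=media_videojs_get_language HTTP/1.1" 200 4531',
    '141.101.99.205 - - [17/Sep/2024:07:56:18 +0100] "GET /login/logout.php?sesskey=KEZ0Mmd04W HTTP/1.1" 404 57723',
]
# Constructed line (not from the issue): the same sesskey still served after the failed logout.
CONSTRUCTED_LINES = [
    '141.101.99.206 - - [17/Sep/2024:07:56:31 +0100] "POST /lib/ajax/service.php?sesskey=KEZ0Mmd04W&info=constructed_example HTTP/1.1" 200 52',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
SESSKEY_RE = re.compile(r'[?&]sesskey=([^&\s]+)')


def find_failed_logouts(lines):
    """Return one finding per logout request that did not return a 3xx redirect."""
    findings, open_by_key = [], {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        ip, when, _method, url, status = m.groups()
        key = SESSKEY_RE.search(url)
        if not key:
            continue  # no sesskey, nothing to correlate on
        sesskey, path = key.group(1), url.split("?", 1)[0]
        if path.endswith("/login/logout.php"):
            if status.startswith("3"):  # assumption: a redirect means logout proceeded
                open_by_key.pop(sesskey, None)
            else:
                finding = {"sesskey": sesskey, "time": when, "client": ip,
                           "status": int(status), "requests_after": 0}
                open_by_key[sesskey] = finding
                findings.append(finding)
        elif sesskey in open_by_key and status == "200":
            # The key was still accepted after the logout attempt failed.
            open_by_key[sesskey]["requests_after"] += 1
    return findings


if __name__ == "__main__":
    for f in find_failed_logouts(PAGE_LINES + CONSTRUCTED_LINES):
        print(f)
```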