Fixed SAML logout for ADFS.
This commit is contained in:
parent
3e870c30e1
commit
75749ef336
3 changed files with 20 additions and 4 deletions
|
@ -224,6 +224,11 @@ SAML2_ONELOGIN_OVERRIDES=null
|
|||
SAML2_DUMP_USER_DETAILS=false
|
||||
SAML2_AUTOLOAD_METADATA=false
|
||||
SAML2_IDP_AUTHNCONTEXT=true
|
||||
SAML2_SP_CERTIFICATE=null
|
||||
SAML2_SP_PRIVATEKEY=null
|
||||
SAML2_SP_NAME_ID_Format=null
|
||||
SAML2_SP_NAME_ID_SP_NAME_QUALIFIER=null
|
||||
SAML2_RETRIEVE_PARAMETERS_FROM_SERVER=false
|
||||
|
||||
# SAML group sync configuration
|
||||
# Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
|
||||
|
|
|
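Review bot: `SAML2_SP_NAME_ID_Format` is the only key in this block that is not upper snake case; the service reads that exact mixed-case name in its logout() call, so renaming it to `SAML2_SP_NAME_ID_FORMAT` would have to touch both files together. The five new keys also arrive without the short explanatory comment this file uses elsewhere (`# SAML group sync configuration`), and `SAML2_SP_PRIVATEKEY` in particular takes secret key material, which an operator should be told rather than discover from the config file's comment about the certs folder. A line such as `# SP certificate and private key, as an alternative to files in the certs folder` above `SAML2_SP_CERTIFICATE` would do.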
@ -61,8 +61,14 @@ class Saml2Service extends ExternalAuthService
|
|||
$returnRoute = url('/');
|
||||
|
||||
try {
|
||||
$url = $toolKit->logout($returnRoute, [], null, null, true);
|
||||
$email = auth()->user()['email'];
|
||||
$nameIdFormat = env('SAML2_SP_NAME_ID_Format', null);
|
||||
$nameIdSPNameQualifier = env('SAML2_SP_NAME_ID_SP_NAME_QUALIFIER', null);
|
||||
|
||||
|
||||
$url = $toolKit->logout($returnRoute, [], $email, null, true, $nameIdFormat, null, $nameIdSPNameQualifier);
|
||||
$id = $toolKit->getLastRequestID();
|
||||
|
||||
} catch (Error $error) {
|
||||
if ($error->getCode() !== Error::SAML_SINGLE_LOGOUT_NOT_SUPPORTED) {
|
||||
throw $error;
|
||||
|
@ -117,7 +123,9 @@ class Saml2Service extends ExternalAuthService
|
|||
public function processSlsResponse(?string $requestId): ?string
|
||||
{
|
||||
$toolkit = $this->getToolkit();
|
||||
$redirect = $toolkit->processSLO(true, $requestId, false, null, true);
|
||||
$retrieveParametersFromServer = env('SAML2_RETRIEVE_PARAMETERS_FROM_SERVER', false);
|
||||
|
||||
$redirect = $toolkit->processSLO(true, $requestId, $retrieveParametersFromServer, null, true);
|
||||
|
||||
$errors = $toolkit->getErrors();
|
||||
|
||||
|
|
|
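Review bot: The new `env('SAML2_SP_NAME_ID_Format', null)` and `env('SAML2_SP_NAME_ID_SP_NAME_QUALIFIER', null)` reads in logout() bypass the config layer; assuming this is Laravel (the `auth()`/`url()` helpers suggest so), a cached configuration means the `.env` file is not loaded at request time, `env()` returns its default (null here), and the LogoutRequest silently goes out without the format and qualifier this fix is meant to add. The same applies to `env('SAML2_RETRIEVE_PARAMETERS_FROM_SERVER', false)` in processSlsResponse in the next hunk. Moving the three reads into the config file next to the existing `env('SAML2_SP_CERTIFICATE', '')` entries and reading them through `config()` here keeps the behaviour stable under config caching. Separately, the NameID sent is the local user's email with a null session index; if the IdP issued a different NameID at login the logout may not match the session on the ADFS side, so this is worth confirming, and persisting the NameID/SessionIndex from the login response would be the more robust fix. logout()'s signature and the rest of its body are outside the hunk.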
@ -80,8 +80,8 @@ return [
|
|||
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
|
||||
// Usually x509cert and privateKey of the SP are provided by files placed at
|
||||
// the certs folder. But we can also provide them with the following parameters
|
||||
'x509cert' => '',
|
||||
'privateKey' => '',
|
||||
'x509cert' => env('SAML2_SP_CERTIFICATE', ''),
|
||||
'privateKey' => env('SAML2_SP_PRIVATEKEY', ''),
|
||||
],
|
||||
// Identity Provider Data that we want connect with our SP
|
||||
'idp' => [
|
||||
|
@ -147,6 +147,9 @@ return [
|
|||
// Multiple forced values can be passed via a space separated array, For example:
|
||||
// SAML2_IDP_AUTHNCONTEXT="urn:federation:authentication:windows urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
|
||||
'requestedAuthnContext' => is_string($SAML2_IDP_AUTHNCONTEXT) ? explode(' ', $SAML2_IDP_AUTHNCONTEXT) : $SAML2_IDP_AUTHNCONTEXT,
|
||||
'logoutRequestSigned' => env('', false),
|
||||
'logoutResponseSigned' => env('', false),
|
||||
'lowercaseUrlencoding' => env('', false)
|
||||
],
|
||||
],
|
||||
|
||||
|
|
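Review bot: `env('', false)` on the three new `logoutRequestSigned`, `logoutResponseSigned` and `lowercaseUrlencoding` entries reads an environment variable with an empty name, so the default always wins and the settings are hard-coded to false while looking configurable. Either give each a real variable name in the style of the surrounding entries, e.g. `'logoutRequestSigned' => env('SAML2_SP_LOGOUT_REQUEST_SIGNED', false),` (name constructed to match the others), or write the literal `false` if they are meant to be fixed; since the commit is an ADFS logout fix, whether signed logout requests/responses need to be switchable for ADFS is worth confirming before deciding. The last entry also lacks the trailing comma the rest of the array uses. The `x509cert`/`privateKey` hunk earlier in this section is fine, though the comment above it still says the values "can also" be provided via parameters and could now name the two environment variables.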