
mod_auth_saml SSO and problems with logout



Hi again,

I am getting closer to achieving my goal of enabling SSO between PHP and Perl
using simpleSAMLphp and mod_auth_saml from zxid.
I have set up a new test environment on CentOS 5.8 in a virtual box and compiled mod_auth_saml.so 
successfully and installed into apache module directory. simpleSAMLphp is configured as 
a SAML 2.0 IdP. 

With this setup, single sign-on is working but logout isn't working.

My setup: I have made a subdirectory /protected and put in a cgi script: test.cgi that logs some output,
also, a script 'saml' was placed in the same directory to avoid internal server errors.  So I have
http://localhost/protected/test.cgi and http://localhost/protected/saml.
Then, I delete all browser cookies, and go to http://localhost/protected/test.cgi
- I am immediately redirected to the IdP login page,
- I log in successfully
- I am redirected to http://localhost/protected/saml
- I can then access http://localhost/protected/test.cgi
- The user is logged in PHP and Drupal as well

However after that I cannot log out from the mod_auth_saml site any more, except by deleting all cookies.

If I log out in simpleSAMLphp or the attached PHP application I am logged out in those, but not in 
the cgi script and my mod_auth_saml session seems to persist. 
I have tried all options in http://localhost/protected/saml?o=m as well, but none of those 
seems to terminate that session. 

Is there any way I can achieve what I want? I appreciate your help. Please ask for more
information if necessary.

Best
Michael


I added only the following to the http.conf that comes with CentOS:

ScriptAlias /protected/ "/var/www/html/protected/"
<Location /protected>
Require valid-user
AuthType "saml"
ZXIDDebug "0x61"
ZXIDConf "DEFAULTQS=l0http://localhost:8080/simplesaml/saml2/idp/metadata.php";
ZXIDConf "URL=http://localhost:8080/protected/saml";
ZXIDConf "REDIR_TO_CONTENT=1"
</Location>

The metadata from http://localhost:8080/protected/saml?o=B were imported into the IdP and 
a simple example authentication with predefined accounts was used to avoid any problems 
from upstream IdP. 

ZXID version is 1.12 and is using the /var/zxid directory, owned by the apache user, who has rwx permissions on this and subdirectories.


SimpleSAMLphp is version 1.10.0 and installed in /var/simplesaml