Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error on logout after upgrading to moodle 4.2 and saml2 plugin #835

Open
silviapinheiro opened this issue Sep 17, 2024 · 1 comment
Open

Comments

@silviapinheiro
Copy link

What happened?

The user gets the following error after pressing logout button: Expected one of: "saml2". Got "saml1" (Please see image below)

image

This is what we see in the live Apache logs on the server, when logging IN/OUT, there's a 404

172.70.91.215 - - [17/Sep/2024:07:56:05 +0100] "POST /auth/saml2/sp/saml2-acs.php/training.ccea.org.uk HTTP/1.1" 303 736
172.70.91.215 - - [17/Sep/2024:07:56:05 +0100] "GET /login/index.php?saml=on HTTP/1.1" 303 1507
172.70.91.215 - - [17/Sep/2024:07:56:05 +0100] "GET /my/courses.php HTTP/1.1" 200 81664
172.70.91.215 - - [17/Sep/2024:07:56:06 +0100] "POST /lib/ajax/service.php?sesskey=KEZ0Mmd04W&info=media_videojs_get_language HTTP/1.1" 200 4531
141.101.99.206 - - [17/Sep/2024:07:56:06 +0100] "POST /lib/ajax/service.php?sesskey=KEZ0Mmd04W&info=local_edwiserreports_get_plugin_config HTTP/1.1" 200 52
141.101.99.206 - - [17/Sep/2024:07:56:06 +0100] "POST /lib/ajax/service.php?sesskey=KEZ0Mmd04W&info=local_edwiserreports_complete_edwiserreports_installation HTTP/1.1" 200 53
141.101.99.206 - - [17/Sep/2024:07:56:06 +0100] "POST /lib/ajax/service.php?sesskey=KEZ0Mmd04W&info=theme_remui_get_myoverviewcourses HTTP/1.1" 200 10604
141.101.99.205 - - [17/Sep/2024:07:56:18 +0100] "GET /login/logout.php?sesskey=KEZ0Mmd04W HTTP/1.1" 404 57723

We asked the company that provides the AD FS service to us for help debugging this and they can't see any communication on logout.
I think maybe, there is something else that needs to be implemented in order for this to close the session properly and redirect the user back to login page.
We are using SAML2 not 1 so why is it failing and pointing here:
$logoutState = [
'saml:logout:Type' => 'saml1',
];
\auth\saml2.extlib\simplesamlphp\modules\saml\src\Controller\ServiceProvider.php

We recently migrated to a new server:
RHEL 9.4, moodle 4.2.9, auth_saml2: 2024071101

On the previous server, the logout seemed to be working as it would redirect the user but with further testing, we notice that the session was kept alive. Details of previous server:
centos 7, moodle 4.1.9, auth_saml2: 2022111701

With similar MariaDB 10 and PHP 8.1

We have also tested Session Handling on moodle, using the timeout to make the user log again but only actually kills the session correctly for manual accounts. If we click on cancel to close the pop up and click back on something inside moodle, we can navigate again. So, that just finished the Moodle session, not the one related to SAML2.

Could someone point in the right direction to test this or implement something to help redirecting and kill the session correctly, sending the proper logout request?

What you expected:
I expect the user to be redirected to the login page and the session is closed. So, if another user clicks the login button, he is prompted to login again, not being able to login through someone else's session.

@anrichp
Copy link

anrichp commented Oct 7, 2024

We have noticed this same issue on a Moodle instance that I manage.
Moodle 4.1.13+ (Build: 20240910)
auth_saml2: 2024071101

We make use of an alternative logout URL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants