SAML: SP-initiated logout does not propagate to external authentication modules
Environment
LemonLDAP::NG version: 2.0.8
Summary
- Configure LLNG as a SAML Issuer
- Configure SAML auth module to an external server
- Login to a SP
- Logout from the SP
- Logout is propagated to LLNG
- Logout is NOT propagated to external server
Possible fixes
The current code:
# Launch normal logout and ignore errors
$req->steps( [ @{ $self->p->beforeLogout }, 'deleteSession' ] );
$self->p->process($req);
We are missing the authLogout
step. Which means we have to handle
- Redirection to an external provider
- Resumption of the logout process once we are back from the external provider (through
storeRequest
)