SLO request is not valid
Concerned version
Version: %2.0.9
Platform: (Nginx)
Summary
Hi,
I am trying to set up SLO for Peertube but the logout request gives me "SLO request is not valid".
After some investigation, the original lasso error is:
When looking for an assertion we did not found it.
I validated the request with https://www.samltool.com/validate_logout_req.php with the following params:
SAMLRequest:
fZFPb4MwDMW/Csq9EAgQiFq6Sb0gdTus0w67TCZxWiQIjISqH3/pP6nbYddn/57t5+X61HfBESfbDmZF4pCSdbW00Hej2A77YXZv+D2jdYHvM1ZcKisyT0YMYFsrDPRohZNi9/yyFUlIxTgNbpBDRx6Q/wmwFifnFyBBvVmRL86KQqokk5lOKdNpJkvOqMSCsjiXoHmiM1XKBBsSfNxX90Yet3bG2lgHxnmJJnQRx4uYv8dUZLlIeEjj/JMEG39Ra8BdyINzoxVRBLM7hLqDMXS+HJ33jmxr9h1ekyDXYMRlyFTdsWOrcHjgxm7et8Ze7BZnIIkmT+MU9ehAgYPQB7OMHr2uxq8+mXpTgXrqw9bcOm7i7Sc7tOdza6PwVEGTFY1kiKiRIlccyiKWGphUjDZp2RQy40ozUFI2DHmRJ5LrrODAMeW8vE74Y3oXf32/+gE=
SP identity:
https://video.flap.test/plugins/auth-saml2/router/metadata.xml
Target URL:
https://auth.flap.test/saml/singleLogout
SP Certificate:
Signature:
gOkqU71nZQtIZAv2VS/fkNUKH8/jYwaLheIX1o5daKAidp+g19QEq0KvjWqYojb4/ZsH7IrI2Rga5/+hi7fj5Yvpro2t1YMtmu2VPmlqfbQr3lpFUyrFsKx+R92Hu5mZzeCc2LA2LS5T+TTqAJqTnhLPRCE+m0Vqf9YFCFRTPB+cUGM5wQURpUqjGNnCCojadFLWBQ41NzI9sgUiJvrZUFES5Ds+5SD8daZJGRnEhz90nCFfXCDYr6NxVsdX4doNxUjC++jN5sx63SfzbUo9KU8U+kxZoGjvZVwUol3LoR4GNSuvIBKCIgwtOutrdlDLLn+uXpCaSY4OsMb37Ofm4KpqX1GANF0X/StbJL7+WiLvfKr1o+ocHFOw9qoUhkWq8WaEHGPuT7kpYN2SpZ+JIIGfmpZjzQjflvONKdeK8b1aOaRN2kPy9gHx3g4U2dqegBo6559dxYPta7xS+j3h2s3T0IdZ+oXm26V8ZVm/bYOLEMk3FtGKUUBnGsZNucNreUg+/2VGtffIr9vq5EcgQyAkXe5wgqEGBgFX7LGjV5zl2w+53hmVVqY/dveSi3isBcO8bTLBIhjJMQt+4qfS1mRLg0RrgNhYIOp9LeltKifJO8t1be37lyE26iIKwqK9SVz0bHkpD7Ty7npIdtiyC2Averemmjt7NT9mjEKxb14=
Relay state: Note that I could not validate it without a RelayState, so I filled in a dummy one.
https://video.flap.test
Logs
There is no log about the error.
I set logLevel to debug, but maybe there is another setting to have more logs.
LemonLDAPNG:
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Logger Lemonldap::NG::Common::Logger::Std loaded
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] User logger Lemonldap::NG::Common::Logger::Std loaded
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Lemonldap::NG::Common::Conf::Backends::File loaded.
Configuration unchanged, get configuration from cache.
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Get configuration 1
[Tue Nov 17 14:45:52 2020] [LLNG:12] [info] Loading configuration 1 for process 12
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Process 12 calls defaultValuesInit
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Process 12 calls jailInit
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Process 12 calls portalInit
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Process 12 calls locationRulesInit
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Process 12 calls sessionStorageInit
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Process 12 calls headersInit
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Process 12 calls postUrlInit
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Process 12 calls aliasInit
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Launching Lemonldap::NG::Handler::FastCGI::Loader->loadCustomHandlers(conf)
[Tue Nov 17 14:45:52 2020] [LLNG:12] [debug] Launching Lemonldap::NG::Portal::Main->reloadConf(conf)
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] VH auth.flap.test is HTTPS
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] Get session bda002de2a6c1eb40e1f68cb7f075d3d2b584be64846555a6e0f76ddf4cea2d8 from Handler::Main::Run
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] Check session validity from Handler
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] Session timeout -> 2592000
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] Session _utime -> 1605607627
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] now -> 1605624353
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] Session timeoutActivityInterval -> 60
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] Session TTL = 2575274
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] No URL authentication level found...
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] auth.flap.test: Apply default rule
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] removing cookie
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] Cookies -> llnglanguage=en; flap-sso=bda002de2a6c1eb40e1f68cb7f075d3d2b584be64846555a6e0f76ddf4cea2d8
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] CookieName -> flap-sso
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] newCookies -> llnglanguage=en;
[Tue Nov 17 14:45:53 2020] [LLNG:12] [debug] User theadmin was granted to access to /saml/singleLogout?SAMLRequest=fZFPb4MwDMW%2FCsq9QGhSIGrpJvWC1O2wTjvsMhnHtEgQGAlVP%2F7Sf1K3w672%2Bz3bz8v1qWuDI4226c2K8TBm62JpoWsHte33%2FeTe6Hsi6wKvM1ZdOis2jUb1YBurDHRklUO1e37ZqiSM1TD2rse%2BZQ%2FI%2FwRYS6PzC7Cg3KzYl4ghy%2BZUiVoDz%2BeUyUVeVzLXGimpQYsMK4AYpGTBx311b%2BRxaycqjXVgnC%2FFSTzjfMbTdy6UkEomYRbLTxZs%2FEWNAXchD84NVkURTO4Q1i0MofPt6Lx3ZBuzb%2BmaBLsGoy5DxuKOHRtN%2FQM3tNO%2BMfZiNzsDSTR6msaoIwcaHIQ%2BmGX06HU1fvXJlJsC9FMXNuamuBVvP9mRPZ9bGk2nIkXMFz4RIZHXWGGaaZwnGhE5JqkWPjqfIqFOha6lEF5HvEpygXqRIofrhD%2Bm9%2BKv7xc%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=5sAPfer9ZBGQJA1cOB3lB80v%2BLqv0EUeB5XDHvobFQxWFM685%2FR0EyqCuFLLEyn5afqQH%2BOdrWz4870pG37BXIzrZQ01mD2lj3zQU8Z3Xobw%2BC8MjxEJiVO5gfb9ICnX6szAESuVrMsvUyZwnpWqic7uQW24I7EbtXhNBs%2FpaUYddbBp5WYTr2GD7bLoRXau8WR7XfupAVeXmpwlK3aYzZLPFW1orHd8pLevdJ8OattUPS9rCjRCvbziAXlICMVCJAm%2FGBE%2Ffl7Du%2BNsNU1cnukp%2FxNuF7qI4XdoFdXNiUvD2%2F1lcreTEIlofq2PJyQ6E3jF4rgPIyYxchaLnZAlpapBe6Si0AwSVG4fzs0kNnW9y145yRcmUQJ0JgLBhXajWZuHv44WLqL6Or71qFIETqHH%2FzHAKY1GAhORDUxNBLmpFI3%2BxKECV8Vn0HI%2FINo1HEXJ5R9poxKMjKknnO7zH75qG2vD2y9gmL0vFtuL%2FFpur8KxRpzjWYsdXENU4aBrP1UKHLrw38PDx08LN9xN1Krq4CMyMbfHs7JCXxWPO0JisoV4fXKVIbDSnk%2Fq1%2Bk0JVrwucQPYynBsfuYL4SQPsKeg2lG15gMccZ4D7fFfz8T7rKkpTSy6cx8fLLIdOk4%2FbM7EBbOpCiHpvDhSWG6SjLNyatkEim9mbwGqRVZqa4%3D
Nginx:
172.18.0.1 - -@video.flap.test - [17/Nov/2020:14:45:52 +0000] "POST /api/v1/users/revoke-token HTTP/2.0" 200 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0" "1.24"
172.18.0.1 - -@video.flap.test - [17/Nov/2020:14:45:52 +0000] "GET /socket.io/?accessToken=c2f6f120f45b6e7585e080261ae56818a71ac44b&EIO=3&transport=websocket&sid=TDvqXSVnbSs43Tk0AAAl HTTP/1.1" 101 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0" "-"
172.18.0.1 - -@auth.flap.test - [17/Nov/2020:14:45:53 +0000] "GET /saml/singleLogout?SAMLRequest=fZFPb4MwDMW%2FCsq9QGhSIGrpJvWC1O2wTjvsMhnHtEgQGAlVP%2F7Sf1K3w672%2Bz3bz8v1qWuDI4226c2K8TBm62JpoWsHte33%2FeTe6Hsi6wKvM1ZdOis2jUb1YBurDHRklUO1e37ZqiSM1TD2rse%2BZQ%2FI%2FwRYS6PzC7Cg3KzYl4ghy%2BZUiVoDz%2BeUyUVeVzLXGimpQYsMK4AYpGTBx311b%2BRxaycqjXVgnC%2FFSTzjfMbTdy6UkEomYRbLTxZs%2FEWNAXchD84NVkURTO4Q1i0MofPt6Lx3ZBuzb%2BmaBLsGoy5DxuKOHRtN%2FQM3tNO%2BMfZiNzsDSTR6msaoIwcaHIQ%2BmGX06HU1fvXJlJsC9FMXNuamuBVvP9mRPZ9bGk2nIkXMFz4RIZHXWGGaaZwnGhE5JqkWPjqfIqFOha6lEF5HvEpygXqRIofrhD%2Bm9%2BKv7xc%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=5sAPfer9ZBGQJA1cOB3lB80v%2BLqv0EUeB5XDHvobFQxWFM685%2FR0EyqCuFLLEyn5afqQH%2BOdrWz4870pG37BXIzrZQ01mD2lj3zQU8Z3Xobw%2BC8MjxEJiVO5gfb9ICnX6szAESuVrMsvUyZwnpWqic7uQW24I7EbtXhNBs%2FpaUYddbBp5WYTr2GD7bLoRXau8WR7XfupAVeXmpwlK3aYzZLPFW1orHd8pLevdJ8OattUPS9rCjRCvbziAXlICMVCJAm%2FGBE%2Ffl7Du%2BNsNU1cnukp%2FxNuF7qI4XdoFdXNiUvD2%2F1lcreTEIlofq2PJyQ6E3jF4rgPIyYxchaLnZAlpapBe6Si0AwSVG4fzs0kNnW9y145yRcmUQJ0JgLBhXajWZuHv44WLqL6Or71qFIETqHH%2FzHAKY1GAhORDUxNBLmpFI3%2BxKECV8Vn0HI%2FINo1HEXJ5R9poxKMjKknnO7zH75qG2vD2y9gmL0vFtuL%2FFpur8KxRpzjWYsdXENU4aBrP1UKHLrw38PDx08LN9xN1Krq4CMyMbfHs7JCXxWPO0JisoV4fXKVIbDSnk%2Fq1%2Bk0JVrwucQPYynBsfuYL4SQPsKeg2lG15gMccZ4D7fFfz8T7rKkpTSy6cx8fLLIdOk4%2FbM7EBbOpCiHpvDhSWG6SjLNyatkEim9mbwGqRVZqa4%3D HTTP/2.0" 400 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0" "-"
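
The SAMLRequest in the logs above uses the HTTP-Redirect binding (URL-encoded, base64, raw DEFLATE). As an added example, not part of the original report or of LemonLDAP::NG's code, the following decodes such a request and extracts the fields that tie a LogoutRequest to a session (NameID, SessionIndex). The sample request is constructed, and the function names are hypothetical.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # cap on inflated size, so a tiny request cannot expand without bound


def inflate_saml_request(value):
    """Base64-decode and raw-inflate an already URL-decoded SAMLRequest value."""
    d = zlib.decompressobj(-15)  # -15: raw DEFLATE, no zlib header
    xml = d.decompress(base64.b64decode(value, validate=True), MAX_XML)
    if d.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized message or DTD present")
    return xml


def summarize_logout_request(query):
    """Return the fields that tie a LogoutRequest to a session at the IdP."""
    params = parse_qs(query, strict_parsing=True)
    root = ET.fromstring(inflate_saml_request(params["SAMLRequest"][0]))
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        raise ValueError("not a LogoutRequest: " + root.tag)
    return {
        "Destination": root.get("Destination"),
        "Issuer": root.findtext("saml:Issuer", namespaces=NS),
        "NameID": root.findtext("saml:NameID", namespaces=NS),
        "SessionIndex": root.findtext("samlp:SessionIndex", namespaces=NS),
        "signed": "Signature" in params,
    }


def build_sample_query():
    """Constructed LogoutRequest (not the one in the post), Redirect-encoded."""
    xml = ('<samlp:LogoutRequest xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s"'
           ' ID="_constructed1" Version="2.0" IssueInstant="2020-11-17T14:45:53Z"'
           ' Destination="https://auth.flap.test/saml/singleLogout">'
           '<saml:Issuer>https://video.flap.test/plugins/auth-saml2/router/'
           'metadata.xml</saml:Issuer><saml:NameID>theadmin</saml:NameID>'
           '<samlp:SessionIndex>_constructed-index</samlp:SessionIndex>'
           '</samlp:LogoutRequest>' % NS).encode()
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return "SAMLRequest=" + quote(base64.b64encode(c.compress(xml) + c.flush()), safe="")


if __name__ == "__main__":
    print(summarize_logout_request(build_sample_query()))
```

Pass the raw query string from the access log (everything after `?`) to `summarize_logout_request`, or a bare base64 value to `inflate_saml_request`.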