SAML SLO using Redirect/POST binding does not work with multiple SP
I have setup X Nextcloud (19.0.7) as SAML service provider for lemonldap-ng using coudot/lemonldap-ng:2.0.10 docker image.
SP initiated log-out work for all of them.
However SLO (IDP initiated) only disconnects user from the first instance although lemonldap-ng thinks it is disconnected from the X instances.
I suspect that's lemonldap-ng handle badly Nextcloud session and duplicates the first session it finds.
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action * https://auth.example.org;frame-ancestors 'none';child-src nextcloud1.example.org nextcloud1.example.org 'self';
Lemonldap-ng sends X time (X=number of Nextcloud instances connected) the log-out request (each request intended for instance n, 1<n<X) to the first instance and gets a success each time believing that come from the instance n (it explain that lemonldap-ng believe that it logged out from all X instance).
Can anyone try to reproduce with other duplicated instance or analyze the source code in order to know if that's a generalize lemonldap-ng issue or just related to Nextcloud session management.
Here an example with Nextcloud1 and Nextcloud2 as usertest :
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Get configuration from cache without verification.
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Get session f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799 from Handler::Main::Run
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Check session validity from Handler
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Session timeout -> 72000
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Session _utime -> 1611674976
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] now -> 1611675001
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Session timeoutActivityInterval -> 60
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Session TTL = 71975
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] No URL authentication level found...
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] auth.example.org: Apply default rule
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] removing cookie
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Cookies -> llnglanguage=en; lemonldap=f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] CookieName -> lemonldap
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] newCookies -> llnglanguage=en;
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] User usertest was granted to access to /?logout=1
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Start routing default route
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing importHandlerData
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing controlUrl
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing checkLogout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing code ref
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Launching ::Issuer::SAML::logout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Retrieve SAML session 67911b15e4e4b9df08c6651b0f6b9a199a245877c2456392005c2e6c6c5da54b
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SAML session 67911b15e4e4b9df08c6651b0f6b9a199a245877c2456392005c2e6c6c5da54b deleted
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Retrieve SAML session e6a8a7efd22995c1f1a13cc1a077bf373a10aa5b7442932213b28b3b557920fd
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SAML session e6a8a7efd22995c1f1a13cc1a077bf373a10aa5b7442932213b28b3b557920fd deleted
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Retrieve SAML session b486d0a72ab6b3ba9c9835d50cddd91b86fe376a2c08735d77b09569a14ae678
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SAML session b486d0a72ab6b3ba9c9835d50cddd91b86fe376a2c08735d77b09569a14ae678 deleted
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Retrieve SAML session f0fd43a8bf0e4fa7d1b7f06580594fd90ea305f53ee0e45b8c67b646ae2f2c06
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SAML session f0fd43a8bf0e4fa7d1b7f06580594fd90ea305f53ee0e45b8c67b646ae2f2c06 deleted
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Loading Session dump: <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2">
lemonldap_serveur | <NidAndSessionIndex ProviderID="https://nextcloud1.example.org/apps/user_saml/saml/metadata" AssertionID="_37644F3372239D1298A2B54C76BDFDCE" SessionIndex="b486d0a72ab6b3ba9c9835d50cddd91b86fe376a2c08735d77b09569a14ae678">
lemonldap_serveur | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">usertest@example.org</saml:NameID>
lemonldap_serveur | </NidAndSessionIndex>
lemonldap_serveur | <NidAndSessionIndex ProviderID="https://nextcloud2.example.org/apps/user_saml/saml/metadata" AssertionID="_F4AFFB7E8B103C89FBEF91325B20696C" SessionIndex="e6a8a7efd22995c1f1a13cc1a077bf373a10aa5b7442932213b28b3b557920fd">
lemonldap_serveur | <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">usertest@example.org</saml:NameID>
lemonldap_serveur | </NidAndSessionIndex>
lemonldap_serveur | </Session>
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Lasso Session loaded
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SLO request signature according to metadata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] No logout request found, build it
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Request built for https://nextcloud1.example.org/apps/user_saml/saml/metadata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Keep request ID _E5F88878CF20D2228D7BC34E90D5061C in assertion session a0172579b33e67f23d608496cb6ff4121e19abc0a81ab3b082ddd9b1b73fc744
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Send HTTP-REDIRECT logout request to https://nextcloud1.example.org/apps/user_saml/saml/metadata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] SLO request signature according to metadata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Keep request ID _E5F88878CF20D2228D7BC34E90D5061C in assertion session f6ad093e45418fc4d1818bcfb303877695b83896d40a9d2372f3cd42c3d21b67
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Send HTTP-REDIRECT logout request to https://nextcloud2.example.org/apps/user_saml/saml/metadata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing authLogout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Cleaning pdata
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Processing deleteSession
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Try to get SSO session f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Get session f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799 from Portal::Main::Run
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Return SSO session f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Local handler logout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [notice] User usertest has been disconnected from LDAP (192.168.xxx.xxx)
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] [notice] User usertest has been disconnected from LDAP (192.168.xxx.xxx)
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Session f036b4d32ed9a9a79084d2694d9d64babbf2869f46e512f143065a9833b97799 deleted from global storage
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Returned error: 47 (PE_LOGOUT_OK)
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Display: info detected
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Hidden values :
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Skin returned: info
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Calling sendHtml with template info
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/info.tpl
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/info.tpl
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Apply following CORS policy :
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Allow-Origin
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] *
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Allow-Credentials
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] true
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Allow-Headers
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] *
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Allow-Methods
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] POST,GET
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Expose-Headers
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] *
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Access-Control-Max-Age
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] 86400
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Required Params URL : https://auth.example.org/
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Set CSP form-action with Params URL : https://auth.example.org
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:50] [debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';script-src 'self';form-action * https://auth.example.org;frame-ancestors 'none';child-src nextcloud1.example.org nextcloud1.example.org 'self';
lemonldap_serveur | 192.168.xxx.xxx - - [26/Jan/2021:15:30:01 +0000] "GET /?logout=1 HTTP/1.0" 200 6993 "https://auth.example.org/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0"
lemonldap_serveur | 192.168.xxx.xxx - - [26/Jan/2021:15:30:01 +0000] "GET /saml/singleLogout?SAMLResponse=fZLfa8IwEIDf91eUvmt%2B1GoNtrC1OgSnMMWHvUhM4xTapPQuwz9%2Ftcw5WTEPgVwu33e5ZAKyLCqxsJ%2FW4buGyhrQ3rksDIh2K%2FZdbYSVcAJhZKlBoBLr57eF4H0qqtqiVbbwn7x%2F4wZ5zJAAusaTNV2QeRb7q%2BV0sXqdL3cjxoKQ8lBGlDOmAj4aH9g4j%2FYDFR6oytle6Sbn0AXa6hoaR%2Bw3yk4RgNNzAygNNkmNoEdZjw83LBQBFZR9dJ3KNODJSGzJR8QKBCHS4ZH37T63%2FVx%2FkUsHSKfSXBu%2BsbG%2Fm4azKIpGUTrjNOOcR9noJQ0G0zHNQjpkaRciaWOTi0K0N6iTaxVGn1EV1uWDWymyqoC4pt27tqh2KjXKXKKckL%2BUG7cSa5ToIPnV34VTm2tvKwunH78ytNli7ZTSAL5HfhTk3nFd33%2FI5Bs%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=peNpaXXaWQPQrVU9i3tQPTd30O02TDwzCk7plt1KPBGLrLLEfaTJm%2BTO2anag1ZcBW39moabwVwhNc1VARlFy97H0vLgmPry%2FRAjGjRUtRfnoXCN%2F3EagZ3R3rt%2BMwP1As7ktvyv0hlHiR%2FH08OlejaBhVgV4jo4wnflmg2NU7n5uv4HRtmLYM2n9GBVp7R9f0EnZog7e5X2ziwLzRNU6iSJz2rAc%2FLo%2FTxxo7K%2B9J%2BmfT4yTRJvKNQ4Z80%2BCZJYBPe7S6GkSU3pMKoIUQOirDGk%2FmQeohQBbDx3z2PNu6gUxvHJuGr%2BBIVGyNt30WJWUSEJ5OvI3bSWbyUpr26%2BoA%3D%3D HTTP/1.0" 302 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0"
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Get configuration from cache without verification.
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [info] No cookie found
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Build URL http://auth.example.org/saml/singleLogout?SAMLResponse=fZLfa8IwEIDf91eUvmt%2B1GoNtrC1OgSnMMWHvUhM4xTapPQuwz9%2Ftcw5WTEPgVwu33e5ZAKyLCqxsJ%2FW4buGyhrQ3rksDIh2K%2FZdbYSVcAJhZKlBoBLr57eF4H0qqtqiVbbwn7x%2F4wZ5zJAAusaTNV2QeRb7q%2BV0sXqdL3cjxoKQ8lBGlDOmAj4aH9g4j%2FYDFR6oytle6Sbn0AXa6hoaR%2Bw3yk4RgNNzAygNNkmNoEdZjw83LBQBFZR9dJ3KNODJSGzJR8QKBCHS4ZH37T63%2FVx%2FkUsHSKfSXBu%2BsbG%2Fm4azKIpGUTrjNOOcR9noJQ0G0zHNQjpkaRciaWOTi0K0N6iTaxVGn1EV1uWDWymyqoC4pt27tqh2KjXKXKKckL%2BUG7cSa5ToIPnV34VTm2tvKwunH78ytNli7ZTSAL5HfhTk3nFd33%2FI5Bs%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=peNpaXXaWQPQrVU9i3tQPTd30O02TDwzCk7plt1KPBGLrLLEfaTJm%2BTO2anag1ZcBW39moabwVwhNc1VARlFy97H0vLgmPry%2FRAjGjRUtRfnoXCN%2F3EagZ3R3rt%2BMwP1As7ktvyv0hlHiR%2FH08OlejaBhVgV4jo4wnflmg2NU7n5uv4HRtmLYM2n9GBVp7R9f0EnZog7e5X2ziwLzRNU6iSJz2rAc%2FLo%2FTxxo7K%2B9J%2BmfT4yTRJvKNQ4Z80%2BCZJYBPe7S6GkSU3pMKoIUQOirDGk%2FmQeohQBbDx3z2PNu6gUxvHJuGr%2BBIVGyNt30WJWUSEJ5OvI3bSWbyUpr26%2BoA%3D%3D
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Redirect 192.168.xxx.xxx to portal (url was /saml/singleLogout?SAMLResponse=fZLfa8IwEIDf91eUvmt%2B1GoNtrC1OgSnMMWHvUhM4xTapPQuwz9%2Ftcw5WTEPgVwu33e5ZAKyLCqxsJ%2FW4buGyhrQ3rksDIh2K%2FZdbYSVcAJhZKlBoBLr57eF4H0qqtqiVbbwn7x%2F4wZ5zJAAusaTNV2QeRb7q%2BV0sXqdL3cjxoKQ8lBGlDOmAj4aH9g4j%2FYDFR6oytle6Sbn0AXa6hoaR%2Bw3yk4RgNNzAygNNkmNoEdZjw83LBQBFZR9dJ3KNODJSGzJR8QKBCHS4ZH37T63%2FVx%2FkUsHSKfSXBu%2BsbG%2Fm4azKIpGUTrjNOOcR9noJQ0G0zHNQjpkaRciaWOTi0K0N6iTaxVGn1EV1uWDWymyqoC4pt27tqh2KjXKXKKckL%2BUG7cSa5ToIPnV34VTm2tvKwunH78ytNli7ZTSAL5HfhTk3nFd33%2FI5Bs%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=peNpaXXaWQPQrVU9i3tQPTd30O02TDwzCk7plt1KPBGLrLLEfaTJm%2BTO2anag1ZcBW39moabwVwhNc1VARlFy97H0vLgmPry%2FRAjGjRUtRfnoXCN%2F3EagZ3R3rt%2BMwP1As7ktvyv0hlHiR%2FH08OlejaBhVgV4jo4wnflmg2NU7n5uv4HRtmLYM2n9GBVp7R9f0EnZog7e5X2ziwLzRNU6iSJz2rAc%2FLo%2FTxxo7K%2B9J%2BmfT4yTRJvKNQ4Z80%2BCZJYBPe7S6GkSU3pMKoIUQOirDGk%2FmQeohQBbDx3z2PNu6gUxvHJuGr%2BBIVGyNt30WJWUSEJ5OvI3bSWbyUpr26%2BoA%3D%3D)
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Start routing saml
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] URL /saml/singleLogout?SAMLResponse=fZLfa8IwEIDf91eUvmt+1GoNtrC1OgSnMMWHvUhM4xTapPQuwz9/tcw5WTEPgVwu33e5ZAKyLCqxsJ/W4buGyhrQ3rksDIh2K/ZdbYSVcAJhZKlBoBLr57eF4H0qqtqiVbbwn7x/4wZ5zJAAusaTNV2QeRb7q+V0sXqdL3cjxoKQ8lBGlDOmAj4aH9g4j/YDFR6oytle6Sbn0AXa6hoaR+w3yk4RgNNzAygNNkmNoEdZjw83LBQBFZR9dJ3KNODJSGzJR8QKBCHS4ZH37T63/Vx/kUsHSKfSXBu+sbG/m4azKIpGUTrjNOOcR9noJQ0G0zHNQjpkaRciaWOTi0K0N6iTaxVGn1EV1uWDWymyqoC4pt27tqh2KjXKXKKckL+UG7cSa5ToIPnV34VTm2tvKwunH78ytNli7ZTSAL5HfhTk3nFd33/I5Bs=&SigAlg=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&Signature=peNpaXXaWQPQrVU9i3tQPTd30O02TDwzCk7plt1KPBGLrLLEfaTJm+TO2anag1ZcBW39moabwVwhNc1VARlFy97H0vLgmPry/RAjGjRUtRfnoXCN/3EagZ3R3rt+MwP1As7ktvyv0hlHiR/H08OlejaBhVgV4jo4wnflmg2NU7n5uv4HRtmLYM2n9GBVp7R9f0EnZog7e5X2ziwLzRNU6iSJz2rAc/Lo/Txxo7K+9J+mfT4yTRJvKNQ4Z80+CZJYBPe7S6GkSU3pMKoIUQOirDGk/mQeohQBbDx3z2PNu6gUxvHJuGr+BIVGyNt30WJWUSEJ5OvI3bSWbyUpr26+oA== detected as an SLO URL
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] SAML method: HTTP-REDIRECT
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] HTTP-REDIRECT: SAML Response SAMLResponse=fZLfa8IwEIDf91eUvmt%2B1GoNtrC1OgSnMMWHvUhM4xTapPQuwz9%2Ftcw5WTEPgVwu33e5ZAKyLCqxsJ%2FW4buGyhrQ3rksDIh2K%2FZdbYSVcAJhZKlBoBLr57eF4H0qqtqiVbbwn7x%2F4wZ5zJAAusaTNV2QeRb7q%2BV0sXqdL3cjxoKQ8lBGlDOmAj4aH9g4j%2FYDFR6oytle6Sbn0AXa6hoaR%2Bw3yk4RgNNzAygNNkmNoEdZjw83LBQBFZR9dJ3KNODJSGzJR8QKBCHS4ZH37T63%2FVx%2FkUsHSKfSXBu%2BsbG%2Fm4azKIpGUTrjNOOcR9noJQ0G0zHNQjpkaRciaWOTi0K0N6iTaxVGn1EV1uWDWymyqoC4pt27tqh2KjXKXKKckL%2BUG7cSa5ToIPnV34VTm2tvKwunH78ytNli7ZTSAL5HfhTk3nFd33%2FI5Bs%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=peNpaXXaWQPQrVU9i3tQPTd30O02TDwzCk7plt1KPBGLrLLEfaTJm%2BTO2anag1ZcBW39moabwVwhNc1VARlFy97H0vLgmPry%2FRAjGjRUtRfnoXCN%2F3EagZ3R3rt%2BMwP1As7ktvyv0hlHiR%2FH08OlejaBhVgV4jo4wnflmg2NU7n5uv4HRtmLYM2n9GBVp7R9f0EnZog7e5X2ziwLzRNU6iSJz2rAc%2FLo%2FTxxo7K%2B9J%2BmfT4yTRJvKNQ4Z80%2BCZJYBPe7S6GkSU3pMKoIUQOirDGk%2FmQeohQBbDx3z2PNu6gUxvHJuGr%2BBIVGyNt30WJWUSEJ5OvI3bSWbyUpr26%2BoA%3D%3D
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Logout response is valid
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Destination https://auth.example.org/saml/ found in SAML message
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [error] Destination does not match URL https://auth.example.org/saml/singleLogout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Found entityID https://nextcloud1.example.org/apps/user_saml/saml/metadata in SAML message
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] https://nextcloud1.example.org/apps/user_saml/saml/metadata match Nextcloud1 SP in configuration
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Signature is valid
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [warn] Unable to store SLO status for Nextcloud1 because there is no RelayState
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:47] [debug] Display OK status for SLO on Nextcloud1
lemonldap_serveur | 192.168.xxx.xxx - - [26/Jan/2021:15:30:01 +0000] "GET /static/bwr/bootstrap/dist/css/bootstrap.min.css.map HTTP/1.0" 304 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0"
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Get configuration from cache without verification.
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [info] No cookie found
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Build URL http://auth.example.org/saml/singleLogout?SAMLResponse=fZJda8IwFEDf9ytK3zVp2vQj2MLW6hCcwhQf9iJpE6fQJqU3Gf78aZlzsmIeArm5OefmJhPgTd2yhf7U1rxLaLUC6ZyaWgHrt1LXdoppDkdgijcSmKnY%2BvltwcgYs7bTRle6dp%2Bcf%2BMGeczgALIzR62GIPMidVfL6WL1Ol%2FuSBJQ6tN96ftin4h9RCn3fMKjUFRBVIaJKElVUjIE2soOzo7UPSsHRQBWzhUYrsw5CRNvhL0RCTceZT5m2PsYOlVIMEfFTU8%2BGNMCQ4hbcyBjXQo9FvILXTqABpXq2vCNTt3dlM7iOI7ifEZwQQiJi%2Bgl94NpgguKQy8fQmR9bHJRsP4GXXatQsmTqWptRXArhbctIHtu964vqp8aabjghk%2FQX8qN27K14cZC9qu%2FC%2BdaSGfLaysfvzL02Wxtq0oCuA76UaB7x3V9%2FyGzbw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=uQUqy6T%2FVl2iszPgz1PIzNWAxKtlF86Kf%2FNS%2BkqIZejxWKJSJDLBfR7v0AXWj35BVdiNFcQhgAixHfaG0giWQPhJ1CRsNznDGonVPWRGEQ%2Bh96AlyByhVZgqDnWZOl%2BelWRJNgw5%2FeetZIO%2FrZIeG7HbECDDuJhKlsCR3iMwxNJj9Du3%2BNe09txDO9GqIddMyLGjFOJHY68VdvUeeVkhgRJnPT4Gc5TSmBk2QvBF%2FZi2mxNyYAD6I4sw93lIjBESYzupjjcBcQVoY9dvnO0wWASOdjwPsab5w5J5%2B5S9DIVUqJmku1p490rCDBvrt6CJb5N5nBe5uuGp%2Bcgi7hG9Iw%3D%3D
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Redirect 192.168.xxx.xxx to portal (url was /saml/singleLogout?SAMLResponse=fZJda8IwFEDf9ytK3zVp2vQj2MLW6hCcwhQf9iJpE6fQJqU3Gf78aZlzsmIeArm5OefmJhPgTd2yhf7U1rxLaLUC6ZyaWgHrt1LXdoppDkdgijcSmKnY%2BvltwcgYs7bTRle6dp%2Bcf%2BMGeczgALIzR62GIPMidVfL6WL1Ol%2FuSBJQ6tN96ftin4h9RCn3fMKjUFRBVIaJKElVUjIE2soOzo7UPSsHRQBWzhUYrsw5CRNvhL0RCTceZT5m2PsYOlVIMEfFTU8%2BGNMCQ4hbcyBjXQo9FvILXTqABpXq2vCNTt3dlM7iOI7ifEZwQQiJi%2Bgl94NpgguKQy8fQmR9bHJRsP4GXXatQsmTqWptRXArhbctIHtu964vqp8aabjghk%2FQX8qN27K14cZC9qu%2FC%2BdaSGfLaysfvzL02Wxtq0oCuA76UaB7x3V9%2FyGzbw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=uQUqy6T%2FVl2iszPgz1PIzNWAxKtlF86Kf%2FNS%2BkqIZejxWKJSJDLBfR7v0AXWj35BVdiNFcQhgAixHfaG0giWQPhJ1CRsNznDGonVPWRGEQ%2Bh96AlyByhVZgqDnWZOl%2BelWRJNgw5%2FeetZIO%2FrZIeG7HbECDDuJhKlsCR3iMwxNJj9Du3%2BNe09txDO9GqIddMyLGjFOJHY68VdvUeeVkhgRJnPT4Gc5TSmBk2QvBF%2FZi2mxNyYAD6I4sw93lIjBESYzupjjcBcQVoY9dvnO0wWASOdjwPsab5w5J5%2B5S9DIVUqJmku1p490rCDBvrt6CJb5N5nBe5uuGp%2Bcgi7hG9Iw%3D%3D)
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] User not authenticated, Try in use, cancel redirection
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Start routing saml
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] URL /saml/singleLogout?SAMLResponse=fZJda8IwFEDf9ytK3zVp2vQj2MLW6hCcwhQf9iJpE6fQJqU3Gf78aZlzsmIeArm5OefmJhPgTd2yhf7U1rxLaLUC6ZyaWgHrt1LXdoppDkdgijcSmKnY+vltwcgYs7bTRle6dp+cf+MGeczgALIzR62GIPMidVfL6WL1Ol/uSBJQ6tN96ftin4h9RCn3fMKjUFRBVIaJKElVUjIE2soOzo7UPSsHRQBWzhUYrsw5CRNvhL0RCTceZT5m2PsYOlVIMEfFTU8+GNMCQ4hbcyBjXQo9FvILXTqABpXq2vCNTt3dlM7iOI7ifEZwQQiJi+gl94NpgguKQy8fQmR9bHJRsP4GXXatQsmTqWptRXArhbctIHtu964vqp8aabjghk/QX8qN27K14cZC9qu/C+daSGfLaysfvzL02Wxtq0oCuA76UaB7x3V9/yGzbw==&SigAlg=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&Signature=uQUqy6T/Vl2iszPgz1PIzNWAxKtlF86Kf/NS+kqIZejxWKJSJDLBfR7v0AXWj35BVdiNFcQhgAixHfaG0giWQPhJ1CRsNznDGonVPWRGEQ+h96AlyByhVZgqDnWZOl+elWRJNgw5/eetZIO/rZIeG7HbECDDuJhKlsCR3iMwxNJj9Du3+Ne09txDO9GqIddMyLGjFOJHY68VdvUeeVkhgRJnPT4Gc5TSmBk2QvBF/Zi2mxNyYAD6I4sw93lIjBESYzupjjcBcQVoY9dvnO0wWASOdjwPsab5w5J5+5S9DIVUqJmku1p490rCDBvrt6CJb5N5nBe5uuGp+cgi7hG9Iw== detected as an SLO URL
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] SAML method: HTTP-REDIRECT
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] HTTP-REDIRECT: SAML Response SAMLResponse=fZJda8IwFEDf9ytK3zVp2vQj2MLW6hCcwhQf9iJpE6fQJqU3Gf78aZlzsmIeArm5OefmJhPgTd2yhf7U1rxLaLUC6ZyaWgHrt1LXdoppDkdgijcSmKnY%2BvltwcgYs7bTRle6dp%2Bcf%2BMGeczgALIzR62GIPMidVfL6WL1Ol%2FuSBJQ6tN96ftin4h9RCn3fMKjUFRBVIaJKElVUjIE2soOzo7UPSsHRQBWzhUYrsw5CRNvhL0RCTceZT5m2PsYOlVIMEfFTU8%2BGNMCQ4hbcyBjXQo9FvILXTqABpXq2vCNTt3dlM7iOI7ifEZwQQiJi%2Bgl94NpgguKQy8fQmR9bHJRsP4GXXatQsmTqWptRXArhbctIHtu964vqp8aabjghk%2FQX8qN27K14cZC9qu%2FC%2BdaSGfLaysfvzL02Wxtq0oCuA76UaB7x3V9%2FyGzbw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=uQUqy6T%2FVl2iszPgz1PIzNWAxKtlF86Kf%2FNS%2BkqIZejxWKJSJDLBfR7v0AXWj35BVdiNFcQhgAixHfaG0giWQPhJ1CRsNznDGonVPWRGEQ%2Bh96AlyByhVZgqDnWZOl%2BelWRJNgw5%2FeetZIO%2FrZIeG7HbECDDuJhKlsCR3iMwxNJj9Du3%2BNe09txDO9GqIddMyLGjFOJHY68VdvUeeVkhgRJnPT4Gc5TSmBk2QvBF%2FZi2mxNyYAD6I4sw93lIjBESYzupjjcBcQVoY9dvnO0wWASOdjwPsab5w5J5%2B5S9DIVUqJmku1p490rCDBvrt6CJb5N5nBe5uuGp%2Bcgi7hG9Iw%3D%3D
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Logout response is valid
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Destination https://auth.example.org/saml/ found in SAML message
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [error] Destination does not match URL https://auth.example.org/saml/singleLogout
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Found entityID https://nextcloud1.example.org/apps/user_saml/saml/metadata in SAML message
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] https://nextcloud1.example.org/apps/user_saml/saml/metadata match Nextcloud1 SP in configuration
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Signature is valid
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [warn] Unable to store SLO status for Nextcloud1 because there is no RelayState
lemonldap_serveur | [Tue Jan 26 15:30:01 2021] [LLNG:51] [debug] Display OK status for SLO on Nextcloud1