Logout shouldn't fail when a OIDC/SAML partner doesn't respond
Affected version
Version: %2.x
Platform: any
Summary
When using a back-channel logout system (SAML/SOAP or new OIDC Back-Channel), if host is filtered, the logout is blocked and the user receives a "timeout" page and is never disconnected
Logs
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] User xguimard was granted to access to /?logout=1
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Start routing default route
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Processing importHandlerData
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Processing controlUrl
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Processing checkLogout
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Processing code ref
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Launching ::Issuer::SAML::logout
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] No SAML session found for session a7734274f64ed418e24dc663a5
dfe00ec63ec2837e50c8e82e2feeb547da89a6
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] No SAML session available into this session
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Processing code ref
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Launching ::Issuer::OpenIDConnect::logout
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Access Token signature algorithm: RS512
Jun 15 08:56:56 test-lemonldap docker/sso_auth_1[162903]: [Thu Jun 15 08:56:56 2023] [LLNG:154] [debug] Logout token content: {"events":{"http://schemas.openid.net/
event/backchannel-logout":{}},"iss":"https://sso.linagora.com","sid":"ROW600DdvXMLirrSV4TI0laCC99teH3A+hLDYTxf2HY","sub":"xguimard","aud":["app-canary"],"iat":1686819
416,"jti":"03V99AEL"}
[1 minute to wait...]
Jun 15 08:57:56 test-lemonldap docker/sso_auth_1[162903]: 2023/06/15 08:57:56 [error] 145#145: *12 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 46.255.204.128, server: sso.test.com, request: "GET /?logout=1 HTTP/1.1", upstream: "fastcgi://unix:/run/llng-fastcgi-server/llng-fastcgi.sock", host: "sso.test.com", referrer: "https://sso.linagora.com/"
Jun 15 08:57:56 test-lemonldap docker/sso_auth_1[162903]: 46.255.204.128 - - [15/Jun/2023:08:57:56 +0000] "GET /?logout=1 HTTP/1.1" 504 167 "https://sso.test.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/114.0"