Hello,
I have tried to configure Single-Log-Out in addition to Single-Sign-On. But unfortunately without success.
I’m using the CMS in version 3.3.1 (Docker version) with apache2 as web server.
The authentication is done via SAML towards the ADFS.
In order for the logout button to be displayed in the web interface of the CMS, the value “SLO” must be set to True in the settings-custom.php.
The URL for the single logout service is specified in the “idp” area. In this URL the ADFS server is defined with a corresponding logout page.
The problem is that the session does not close in the browser, but the user still remains logged in.
What can I do so that users can log out?
I have attached my configuration of the SAML settings:
I hope that someone could give me a hand.
Thanks a lot.
Best regards.
Tim
That line is incorrect in your config. The correct URL is
https://xiboserver/saml/sls
As far as I’m aware, SLS only works where the CMS is set up with a trusted certificate and private key which are then registered in your ADFS server. You’d want to set logoutRequestsSigned to true I think as well.
SLS definitely works with Azure AD. I don’t have access to ADFS anymore to troubleshoot it further.
The URL is a URL which I tested out of desperation. I have modified this to your suggestion.
As soon as I set logoutRequestSigned to true I get an error message and login is no longer possible.
I want to clarify again that the authentication of the users works without problems.
But the logout does not take place. The user session still exists on successful logout.
The CMS has a server certificate and the token signing certificate is exported from the ADFS and integrated into the CMS.
idp => x509cert is the certificate from your ADFS server
sp => x509cert and sp => privateKey should be a certificate and key that are registered with your IDP for the purpose of signing the logout request. I suspect you’ve got those empty or set to values that are not proper certificates/keys.
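
A pre-flight check for the point made in the reply above, as an added example that is not part of the thread or of Xibo's own code: it confirms that sp => x509cert and sp => privateKey parse, belong together and are unexpired before signed logout requests are switched on. The helper names toPem() and checkSpSigningPair() are hypothetical, and the sample key pair is constructed in memory.

```php
<?php
// Added example. toPem() and checkSpSigningPair() are hypothetical helpers;
// the array keys follow the sp => x509cert / sp => privateKey settings above.

function toPem(string $value, string $label): string
{
    // Settings may hold only the base64 body, without PEM header lines.
    if (strpos($value, '-----BEGIN') !== false) {
        return $value;
    }
    $body = chunk_split(preg_replace('/\s+/', '', $value), 64, "\n");
    return "-----BEGIN $label-----\n{$body}-----END $label-----\n";
}

function checkSpSigningPair(array $samlSettings): array
{
    $cert = trim($samlSettings['sp']['x509cert'] ?? '');
    $key = trim($samlSettings['sp']['privateKey'] ?? '');
    if ($cert === '' || $key === '') {
        return ['sp => x509cert and/or sp => privateKey is empty'];
    }
    $x509 = openssl_x509_read(toPem($cert, 'CERTIFICATE'));
    if ($x509 === false) {
        return ['sp => x509cert is not a parsable certificate'];
    }
    $pkey = false;
    foreach (['PRIVATE KEY', 'RSA PRIVATE KEY'] as $label) { // PKCS#8, then PKCS#1
        $pkey = $pkey ?: openssl_pkey_get_private(toPem($key, $label));
    }
    if ($pkey === false) {
        return ['sp => privateKey is not a parsable private key'];
    }
    $problems = [];
    if (!openssl_x509_check_private_key($x509, $pkey)) {
        $problems[] = 'sp => privateKey does not match sp => x509cert';
    }
    if (openssl_x509_parse($x509)['validTo_time_t'] < time()) {
        $problems[] = 'sp => x509cert has expired';
    }
    return $problems;
}
// Constructed sample input: a throwaway self-signed pair made in memory.
$newKey = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'cms.example.test'], $newKey);
openssl_x509_export(openssl_csr_sign($csr, null, $newKey, 30), $certPem);
openssl_pkey_export($newKey, $keyPem);

var_dump(checkSpSigningPair(['sp' => ['x509cert' => $certPem, 'privateKey' => $keyPem]]));
var_dump(checkSpSigningPair(['sp' => ['x509cert' => '', 'privateKey' => '']]));
```

An empty array means the pair is usable for signing; the certificate still has to be registered with the IdP separately.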