Hi, I use Auth0 as the IdP. SAML login succeeds: a new user can be created and can log in each time we try.
But we are having an issue with single logout; we get a "No active session(s) found matching LogoutRequest" error from the Auth0 side.
Auth0 says this happens only if the SessionIndex and NameID don't match with the IdP, so I opened debug mode and checked the errors.
If someone can help with this issue I will be glad, thanks.
SAML SETTINGS
$authentication = new \Xibo\Middleware\SAMLAuthentication();
$samlSettings = array (
    'workflow' => array(
        // Enable/Disable Just-In-Time provisioning
        'jit' => true,
        // Attribute to identify the user
        // if set to nameId then the NameID from SAML will be taken and used as the
        // username in Xibo.
        'field_to_identify' => 'UserName', // Alternatives: UserID, UserName, email
        // Default libraryQuota assigned to the created user by JIT
        //'libraryQuota' => 2048,
        // Initial User Group
        'group' => 'Users',
        // Home Page
        'homePage' => 'statusdashboard',
        // Enable/Disable Single Logout
        'slo' => true,
        // Attribute mapping between Xibo-CMS and the IdP
        'mapping' => array (
            'UserID' => '',
            'firstName' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
            'lastName' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
            'usertypeid' => '',
            'UserName' => 'http://schemas.auth0.com/username',
            'email' => 'http://schemas.auth0.com/email',
            'ref1' => '',
            'ref2' => '',
            'ref3' => '',
            'ref4' => '',
            'ref5' => ''
        )
    ),
    // Configure the IdP and SP
    'strict' => false,
    'debug' => true,
    'idp' => array (
        'entityId' => 'auth0 metadata',
        'singleSignOnService' => array (
            'url' => 'auth0 endpoint',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        'singleLogoutService' => array (
            'url' => 'auth0 logout service',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        'x509cert' => 'certificate',
    ),
    'sp' => array (
        'entityId' => 'https://sub.domain.tld/saml/metadata',
        'assertionConsumerService' => array (
            'url' => 'https://sub.domain.tld/saml/acs',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        'singleLogoutService' => array (
            'url' => 'https://sub.domain.tld/saml/sls',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        'x509cert' => 'certificate',
        'privateKey' => 'privatekey',
    ),
    'security' => array (
        'nameIdEncrypted' => false,
        'authnRequestsSigned' => false,
        'logoutRequestSigned' => false,
        'logoutResponseSigned' => false,
        'signMetadata' => false,
        'wantMessagesSigned' => false,
        'wantAssertionsSigned' => true,
        'wantAssertionsEncrypted' => false,
        'wantNameIdEncrypted' => false,
    )
);
*** I also tried SLO with NameIDFormat emailAddress; it also doesn't work. I changed field_to_identify to all its possible values; every time I logged in but couldn't log out.
I created a new user with SAML and tried to log out.
Debug results are below.
5812,aa8f295,“2018-11-16 20:10:03”,WEB,/,GET,“Loading 37. All Objects = 0”,DEBUG
5813,aa8f295,“2018-11-16 20:10:03”,WEB,/,GET,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5814,aa8f295,“2018-11-16 20:10:03”,WEB,/,GET,“Install Fonts called with options: {"invalidateCache":false}”,DEBUG
5815,aa8f295,“2018-11-16 20:10:03”,WEB,/,GET,“CMS font CSS returned from Cache.”,DEBUG
5816,aa8f295,“2018-11-16 20:10:03”,WEB,/,GET,“Route drawer not viewable”,DEBUG
5817,aa8f295,“2018-11-16 20:10:03”,WEB,/,GET,“Blocked assess to unrecognised page: /drawer.”,DEBUG
5818,aa8f295,“2018-11-16 20:10:03”,WEB,/,GET,“Showing the homepage: 29”,DEBUG
5819,aa8f295,“2018-11-16 20:10:03”,WEB,/,GET,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5820,aa8f295,“2018-11-16 20:10:03”,WEB,/,GET,“Request stats: {
"default": {
"select": 6
},
"log": {
"insert": 8
},
"length": 0.13289284706116,
"memoryUsage": 9830392,
"peakMemoryUsage": 9884064
}.”,INFO
5821,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Loading 37. All Objects = 0”,DEBUG
5822,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5823,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Install Fonts called with options: {"invalidateCache":false}”,DEBUG
5824,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“CMS font CSS returned from Cache.”,DEBUG
5825,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route drawer not viewable”,DEBUG
5826,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Blocked assess to unrecognised page: /drawer.”,DEBUG
5827,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5828,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5829,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5830,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5831,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“UserOption hideNavigation not found”,DEBUG
5832,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route user not viewable”,DEBUG
5833,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route usergroup not viewable”,DEBUG
5834,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route admin not viewable”,DEBUG
5835,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route application not viewable”,DEBUG
5836,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route module not viewable”,DEBUG
5837,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route transition not viewable”,DEBUG
5838,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route log not viewable”,DEBUG
5839,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route sessions not viewable”,DEBUG
5840,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route auditlog not viewable”,DEBUG
5841,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route fault not viewable”,DEBUG
5842,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route help not viewable”,DEBUG
5843,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Route drawer not viewable”,DEBUG
5844,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“UserOption lockPosition not found”,DEBUG
5845,e4e18a6,“2018-11-16 20:10:03”,WEB,/dashboard/status,GET,“Request stats: {
"default": {
"select": 8
},
"log": {
"insert": 24
},
"length": 0.19639611244202,
"memoryUsage": 11137704,
"peakMemoryUsage": 11254608
}.”,INFO
5846,0bc9b2e,“2018-11-16 20:10:04”,WEB,/library/fontcss,GET,“Loading 37. All Objects = 0”,DEBUG
5847,0bc9b2e,“2018-11-16 20:10:04”,WEB,/library/fontcss,GET,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5848,0bc9b2e,“2018-11-16 20:10:04”,WEB,/library/fontcss,GET,“Install Fonts called with options: {"invalidateCache":false}”,DEBUG
5849,0bc9b2e,“2018-11-16 20:10:04”,WEB,/library/fontcss,GET,“CMS font CSS returned from Cache.”,DEBUG
5850,0bc9b2e,“2018-11-16 20:10:04”,WEB,/library/fontcss,GET,“Route drawer not viewable”,DEBUG
5851,0bc9b2e,“2018-11-16 20:10:04”,WEB,/library/fontcss,GET,“Blocked assess to unrecognised page: /drawer.”,DEBUG
5852,0bc9b2e,“2018-11-16 20:10:04”,WEB,/library/fontcss,GET,“Install Fonts called with options: {"invalidateCache":false}”,DEBUG
5853,0bc9b2e,“2018-11-16 20:10:04”,WEB,/library/fontcss,GET,“CMS font CSS returned from Cache.”,DEBUG
5854,0bc9b2e,“2018-11-16 20:10:04”,WEB,/library/fontcss,GET,“Request stats: {
"default": {
"select": 5
},
"log": {
"insert": 8
},
"length": 0.1169650554657,
"memoryUsage": 9834072,
"peakMemoryUsage": 9892232
}.”,INFO
5855,981d71b,“2018-11-16 20:10:04”,WEB,/user/pref,GET,“Loading 37. All Objects = 0”,DEBUG
5856,981d71b,“2018-11-16 20:10:04”,WEB,/user/pref,GET,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5857,981d71b,“2018-11-16 20:10:04”,WEB,/user/pref,GET,“Route user not viewable”,DEBUG
5858,981d71b,“2018-11-16 20:10:04”,WEB,/user/pref,GET,“Blocked assess to unrecognised page: /user/pref.”,DEBUG
5859,981d71b,“2018-11-16 20:10:04”,WEB,/user/pref,GET,“Access Denied#0 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/SAMLAuthentication.php(387): Xibo\Entity\User->routeAuthentication(‘/user/pref’)
#1 [internal function]: Xibo\Middleware\SAMLAuthentication->Xibo\Middleware{closure}()
#2 /var/www/vhosts/domain.tld/sub.domain.tld/vendor/slim/slim/Slim/Slim.php(1208): call_user_func_array(Object(Closure), Array)
#3 /var/www/vhosts/domain.tld/sub.domain.tld/vendor/slim/slim/Slim/Slim.php(1354): Slim\Slim->applyHook(‘slim.before.dis…’)
#4 /var/www/vhosts/domain.tld/sub.domain.tld/vendor/slim/slim/Slim/Middleware/Flash.php(85): Slim\Slim->call()
#5 /var/www/vhosts/domain.tld/sub.domain.tld/vendor/slim/slim/Slim/Middleware/MethodOverride.php(92): Slim\Middleware\Flash->call()
#6 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/Actions.php(160): Slim\Middleware\MethodOverride->call()
#7 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/Theme.php(36): Xibo\Middleware\Actions->call()
#8 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/SAMLAuthentication.php(413): Xibo\Middleware\Theme->call()
#9 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/CsrfGuard.php(63): Xibo\Middleware\SAMLAuthentication->call()
#10 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/State.php(122): Xibo\Middleware\CsrfGuard->call()
#11 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/Storage.php(47): Xibo\Middleware\State->call()
#12 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/Xmr.php(37): Xibo\Middleware\Storage->call()
#13 /var/www/vhosts/domain.tld/sub.domain.tld/vendor/slim/slim/Slim/Slim.php(1300): Xibo\Middleware\Xmr->call()
#14 /var/www/vhosts/domain.tld/sub.domain.tld/web/index.php(124): Slim\Slim->run()
#15 {main}”,DEBUG
5860,981d71b,“2018-11-16 20:10:04”,WEB,/user/pref,GET,“Request stats: {
"default": {
"select": 5
},
"log": {
"insert": 5
},
"length": 0.074276924133301,
"memoryUsage": 7712544,
"peakMemoryUsage": 7776856
}.”,INFO
5861,d9630dc,“2018-11-16 20:10:04”,WEB,/dashboard/status/displays,GET,“Loading 37. All Objects = 0”,DEBUG
5862,d9630dc,“2018-11-16 20:10:05”,WEB,/dashboard/status/displays,GET,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5863,d9630dc,“2018-11-16 20:10:05”,WEB,/dashboard/status/displays,GET,“Install Fonts called with options: {"invalidateCache":false}”,DEBUG
5864,d9630dc,“2018-11-16 20:10:05”,WEB,/dashboard/status/displays,GET,“CMS font CSS returned from Cache.”,DEBUG
5865,d9630dc,“2018-11-16 20:10:05”,WEB,/dashboard/status/displays,GET,“sortOrderdisplay
”,DEBUG
5866,d9630dc,“2018-11-16 20:10:05”,WEB,/dashboard/status/displays,GET,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5867,d9630dc,“2018-11-16 20:10:05”,WEB,/dashboard/status/displays,GET,“Request stats: {
"default": {
"select": 7
},
"log": {
"insert": 6
},
"length": 0.11557793617249,
"memoryUsage": 9902448,
"peakMemoryUsage": 10006928
}.”,INFO
5868,a41776b,“2018-11-16 20:10:05”,WEB,/user/pref,POST,“Loading 37. All Objects = 0”,DEBUG
5869,a41776b,“2018-11-16 20:10:05”,WEB,/user/pref,POST,“Checking permissions against the logged in user: ID: 37, Name: testuser, UserType: 3”,DEBUG
5870,a41776b,“2018-11-16 20:10:05”,WEB,/user/pref,POST,“Route user not viewable”,DEBUG
5871,a41776b,“2018-11-16 20:10:05”,WEB,/user/pref,POST,“Blocked assess to unrecognised page: /user/pref.”,DEBUG
5872,a41776b,“2018-11-16 20:10:05”,WEB,/user/pref,POST,“Access Denied#0 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/SAMLAuthentication.php(387): Xibo\Entity\User->routeAuthentication(‘/user/pref’)
#1 [internal function]: Xibo\Middleware\SAMLAuthentication->Xibo\Middleware{closure}()
#2 /var/www/vhosts/domain.tld/sub.domain.tld/vendor/slim/slim/Slim/Slim.php(1208): call_user_func_array(Object(Closure), Array)
#3 /var/www/vhosts/domain.tld/sub.domain.tld/vendor/slim/slim/Slim/Slim.php(1354): Slim\Slim->applyHook(‘slim.before.dis…’)
#4 /var/www/vhosts/domain.tld/sub.domain.tld/vendor/slim/slim/Slim/Middleware/Flash.php(85): Slim\Slim->call()
#5 /var/www/vhosts/domain.tld/sub.domain.tld/vendor/slim/slim/Slim/Middleware/MethodOverride.php(92): Slim\Middleware\Flash->call()
#6 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/Actions.php(160): Slim\Middleware\MethodOverride->call()
#7 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/Theme.php(36): Xibo\Middleware\Actions->call()
#8 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/SAMLAuthentication.php(413): Xibo\Middleware\Theme->call()
#9 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/CsrfGuard.php(63): Xibo\Middleware\SAMLAuthentication->call()
#10 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/State.php(122): Xibo\Middleware\CsrfGuard->call()
#11 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/Storage.php(47): Xibo\Middleware\State->call()
#12 /var/www/vhosts/domain.tld/sub.domain.tld/lib/Middleware/Xmr.php(37): Xibo\Middleware\Storage->call()
#13 /var/www/vhosts/domain.tld/sub.domain.tld/vendor/slim/slim/Slim/Slim.php(1300): Xibo\Middleware\Xmr->call()
#14 /var/www/vhosts/domain.tld/sub.domain.tld/web/index.php(124): Slim\Slim->run()
#15 {main}”,DEBUG
5873,a41776b,“2018-11-16 20:10:05”,WEB,/user/pref,POST,“Request stats: {
"default": {
"select": 5
},
"log": {
"insert": 5
},
"length": 0.074083089828491,
"memoryUsage": 7691936,
"peakMemoryUsage": 7758480
}.”,INFO
5874,43e5e15,“2018-11-16 20:10:11”,WEB,/saml/logout,GET,“Install Fonts called with options: {"invalidateCache":false}”,DEBUG
5875,43e5e15,“2018-11-16 20:10:11”,WEB,/saml/logout,GET,“CMS font CSS returned from Cache.”,DEBUG
5876,43e5e15,“2018-11-16 20:10:11”,WEB,/saml/logout,GET,“Checking permissions against the logged in user: ID: 0, Name: , UserType: 0”,DEBUG
5877,43e5e15,“2018-11-16 20:10:11”,WEB,/saml/logout,GET,“Route drawer not viewable”,DEBUG
5878,43e5e15,“2018-11-16 20:10:11”,WEB,/saml/logout,GET,“Blocked assess to unrecognised page: /drawer.”,DEBUG
5879,e55aef2,“2018-11-16 20:10:23”,WEB,/fault/collect,GET,“Loading 1. All Objects = 0”,DEBUG
5880,e55aef2,“2018-11-16 20:10:23”,WEB,/fault/collect,GET,“Install Fonts called with options: {"invalidateCache":false}”,DEBUG
5881,e55aef2,“2018-11-16 20:10:23”,WEB,/fault/collect,GET,“CMS font CSS returned from Cache.”,DEBUG
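Added diagnostic example (not part of the original post, and not Xibo or Auth0 code): the error quoted above concerns the NameID and SessionIndex in the LogoutRequest, so this sketch extracts those fields from the login Response and from the `SAMLRequest` query parameter of the logout redirect and lists the ones that differ. It assumes an unencrypted assertion and the HTTP-Redirect binding as in the settings above; all sample XML and identifiers in it are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": P, "saml": A}

def decode_redirect(param):
    """HTTP-Redirect binding: base64, then raw DEFLATE. URL-decode the value first."""
    return zlib.decompress(base64.b64decode(param), -15)

def encode_redirect(xml_bytes):
    """Inverse of decode_redirect; used here only to build the sample."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml_bytes) + c.flush()).decode()

def _fields(name_id, session_index):
    text = name_id.text.strip() if name_id is not None and name_id.text else None
    fmt = name_id.get("Format") if name_id is not None else None
    return {"name_id": text, "format": fmt, "session_index": session_index}

def issued_at_login(response_xml):
    """NameID, Format and SessionIndex the IdP put in the unencrypted assertion."""
    a = ET.fromstring(response_xml).find("saml:Assertion", NS)
    stmt = a.find("saml:AuthnStatement", NS)
    return _fields(a.find("saml:Subject/saml:NameID", NS),
                   stmt.get("SessionIndex") if stmt is not None else None)

def sent_at_logout(saml_request_param):
    """The same three fields as the SP sent them in its LogoutRequest."""
    root = ET.fromstring(decode_redirect(saml_request_param))
    idx = root.find("samlp:SessionIndex", NS)
    return _fields(root.find("saml:NameID", NS),
                   idx.text.strip() if idx is not None and idx.text else None)

def mismatches(issued, sent):
    return sorted(k for k in issued if issued[k] != sent[k])

# Constructed samples: the SP sends a username and no SessionIndex.
FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
HEAD = f'xmlns:samlp="{P}" xmlns:saml="{A}"'
RESPONSE = (f'<samlp:Response {HEAD}><saml:Assertion><saml:Subject>'
            f'<saml:NameID Format="{FMT}">constructed-idp-id-001</saml:NameID>'
            f'</saml:Subject><saml:AuthnStatement SessionIndex="_constructed-1"/>'
            f'</saml:Assertion></samlp:Response>').encode()
LOGOUT = encode_redirect((f'<samlp:LogoutRequest {HEAD}>'
                          f'<saml:NameID Format="{FMT}">testuser</saml:NameID>'
                          f'</samlp:LogoutRequest>').encode())

if __name__ == "__main__":
    print(mismatches(issued_at_login(RESPONSE), sent_at_logout(LOGOUT)))
```

`issued_at_login` takes the Response as decoded XML bytes, so a `SAMLResponse` form value captured from the browser has to be base64-decoded before it is passed in.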