I have this setup:
--------
| IDP |---------- SP 1 (SimpleSamlPHP)
| |
|(WSO2)|---------- SP 2 (SimpleSamlPHP)
--------
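The problem is that I want to do single logout. Let's take an example: user 1 tries to log out from SP 1; this is the exchange that takes place:
All of these exchanges work, except that SP 2 does not destroy its local session. In fact, when I use the method requireAuth after the above exchange, I am not redirected to my IdP to authenticate, as if my session had not been destroyed after the logout: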
$as = new SimpleSAML_Auth_Simple('wso2uone');
$as->requireAuth();
When I start the single logout process from SP 1, this is the log of SP 2:
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] Received message:
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://helpdesk.example-sp.com/simplesaml/module.php/saml/sp/saml2-logout.php/wso2uone" ID="lmkeehnaifbpfaddffcmneabjkmplbkljlbokmof" IssueInstant="2016-04-29T09:58:19.523Z" NotOnOrAfter="2016-04-29T10:03:19.523Z" Reason="urn:oasis:names:tc:SAML:2.0:logout:user" Version="2.0">
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">wso2</saml2:Issuer>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:SignedInfo>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:Reference URI="#lmkeehnaifbpfaddffcmneabjkmplbkljlbokmof">
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:Transforms>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] </ds:Transforms>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:DigestValue>Brgosc0wvNGYjuKTGYTl58zgUI8=</ds:DigestValue>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] </ds:Reference>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] </ds:SignedInfo>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:SignatureValue>G2ESrAYAfeBIFxgvatDBuFQAuBW23PWPwDRyB0wZuz3c9lpdHOxtOlwWW+fDPe+6BN1eRw6qGNDDea2OGaLJfemXvXjivCjbD2k2Hf+k7w5XtLud6TC39U9ZsNLTYiJL/UcTIbbToEYsjBzhb5rVuUbGBR61W08qCCHzEdvUJpU=</ds:SignatureValue>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:KeyInfo>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:X509Data>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTousMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44iQlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] </ds:X509Data>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] </ds:KeyInfo>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] </ds:Signature>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">admin@carbon.super</saml2:NameID>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <saml2p:SessionIndex>9e2be9bb-868c-4742-b37b-8af35bcffb78</saml2p:SessionIndex>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] </saml2p:LogoutRequest>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] module/saml2/sp/logout: Request from wso2
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 5 STAT [27b1c4637c] saml20-idp-SLO idpinit helpdeskUCOneOne wso2
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] Session: doLogout('wso2uone')
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] Session: Already logged out of wso2uone.
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] Sending message:
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_aec5066001e23d3ac2b10ed0cd34e1404f7d9c9b9e" Version="2.0" IssueInstant="2016-04-29T09:58:19Z" Destination="https://wso2.example.com/samlsso" InResponseTo="lmkeehnaifbpfaddffcmneabjkmplbkljlbokmof">
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <saml:Issuer>helpdeskUCOneOne</saml:Issuer>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <samlp:Status>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] </samlp:Status>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] </samlp:LogoutResponse>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] Redirect to 466 byte URL: https://wso2.example.com/samlsso?SAMLResponse=fZFNa8JAEIb (#012)
Can anyone help me? Is this a bug in SimpleSAMLphp?
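A log check for the symptom visible in the SP 2 log above, as an added example that is not part of the original post: it groups SimpleSAMLphp log lines by tracking ID and reports logout requests that were answered with Success although the session handler logged "Already logged out". The first sample request reuses lines from the log above; the second (tracking ID `aaaaaaaaaa`) is constructed for contrast, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Lines for 27b1c4637c are copied from the SP 2 log above; the aaaaaaaaaa
# request is constructed (a logout without the "Already logged out" line).
SAMPLE_LOG = """\
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">admin@carbon.super</saml2:NameID>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <saml2p:SessionIndex>9e2be9bb-868c-4742-b37b-8af35bcffb78</saml2p:SessionIndex>
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] Session: doLogout('wso2uone')
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] Session: Already logged out of wso2uone.
Apr 29 09:58:19 22602dfb9381 simplesamlphp[408]: 7 [27b1c4637c] <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
Apr 29 10:02:41 22602dfb9381 simplesamlphp[408]: 7 [aaaaaaaaaa] <saml2p:SessionIndex>constructed-session-index</saml2p:SessionIndex>
Apr 29 10:02:41 22602dfb9381 simplesamlphp[408]: 7 [aaaaaaaaaa] Session: doLogout('wso2uone')
Apr 29 10:02:41 22602dfb9381 simplesamlphp[408]: 7 [aaaaaaaaaa] <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
"""

# Syslog prefix as it appears on this page: level, optional STAT, [tracking id], message.
LINE = re.compile(r"simplesamlphp\[\d+\]: \d+ (?:STAT )?\[(?P<tid>[0-9a-f]+)\] (?P<msg>.*)$")
FIELDS = {
    "name_id": re.compile(r"<saml2:NameID[^>]*>([^<]+)<"),
    "session_index": re.compile(r"<saml2p:SessionIndex>([^<]+)<"),
    "authsource": re.compile(r"Session: doLogout\('([^']+)'\)"),
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def find_noop_logouts(log_text):
    """Return requests where doLogout found no session but Success was sent."""
    reqs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        req, msg = reqs[m["tid"]], m["msg"]
        for key, rx in FIELDS.items():
            hit = rx.search(msg)
            if hit:
                req[key] = hit.group(1)
        if "Session: Already logged out of " in msg:
            req["noop"] = True
        if "StatusCode" in msg and SUCCESS in msg:
            req["success"] = True
    return [dict(tid=tid, **{k: r.get(k) for k in FIELDS})
            for tid, r in reqs.items()
            if "authsource" in r and r.get("noop") and r.get("success")]

if __name__ == "__main__":
    for finding in find_noop_logouts(SAMPLE_LOG):
        print(finding)
```
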