SLO Request Not Signed

Cantor, Scott cantor.2 at osu.edu
Fri Apr 14 16:25:55 EDT 2017


> I just switched the views directory back to the default install version, and the
> propagation and status are working fine.  Looks like I screwed something up
> when I modified these to apply our own look and feel.

I figured. If it helps to follow it, the way it works is:

- a logout request gets processed (*) and then the logout.vm view is rendered
- if it thinks there are other logouts to pass along, then it asks about that and if you say to propagate, it will advance and render logout-propagate.vm, and if you say no, it will advance and render logout-complete.vm
- if there's nothing else to do initially, it just wraps up the flow inside logout.vm

You can find the "finish" logic in the various views if you look for the comments labeled
<!-- Complete the flow by adding a hidden iframe. -->

The really nasty work is going to be to redo all this with additional UI options and choices about how to handle it all without invalidating what's there now if people upgrade.

-- Scott

(*) Through the magic of "ugh, this is awful code", both non-SAML and SAML logout requests end up in that same general code path and the rest of the views get used either way.



More information about the users mailing list