SP logging users out after one second of being authenticated
erki at cloudek.eu
Tue Aug 23 12:42:37 UTC 2022
Thanks again, Scott.
We know that the security is low. We will tighten it once the issue has been solved.
All the logs have been investigated and nothing unusual was found.
Is it possible somehow to read from the Shibboleth log whether the logout is initiated by the SP, the IdP or the application behind the SP, as local logout has been disabled?
Does the following log indicate that the logout is initiated from the application side?
2022-08-23 14:00:15 DEBUG Shibboleth.Listener  [default]: dispatching message (default/Logout::run::SAML2LI)
184.108.40.206 - user1 [23/Aug/2022:14:00:14 +0800] "GET /archibus/schema/ab-core/graphics/archibus-logo-only.svg HTTP/1.1" 200 447 "https://test-iams.asc.com/archibus/login.axvw" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/220.127.116.11 Safari/537.36"
18.104.22.168 - - [23/Aug/2022:14:00:15 +0800] "GET /Shibboleth.sso/Logout HTTP/1.1" 302 2368 "https://test-iams.asc.com/archibus/login.axvw" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/22.214.171.124 Safari/537.36"
From: Cantor, Scott <cantor.2 at osu.edu>
Sent: Tuesday, August 23, 2022 3:18 PM
To: erki at cloudek.eu; 'Shib Users' <users at shibboleth.net>
Subject: Re: SP logging users out after one second of being authenticated
On 8/23/22, 8:11 AM, "erki at cloudek.eu" <erki at cloudek.eu> wrote:
> The config says: consistentAddress="false"
That's not the default, so it must have been changed. Also means your security here is incredibly low, any XSS attack against that cookie is game over.
> Apache log does not indicate that the Source IP is changing.
Well, that's the most common cause, so other than looking at the remaining log you haven't looked at, that's all I can suggest.
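An added example, not part of the thread, of how to answer the "who initiated the logout" question from the Apache access log alone. It assumes the default shibboleth2.xml handler layout under /Shibboleth.sso: /Logout is the LogoutInitiator that a browser or an application redirect hits (the "Logout::run::SAML2LI" SP log entry above is that handler's SAML2 logout initiator being dispatched), while /SLO/Redirect, /SLO/POST and /SLO/SOAP are the SingleLogoutService endpoints an IdP-sent LogoutRequest arrives at. A /Logout hit whose Referer is one of the application's own pages, as in the log quoted above, means the application sent the browser there. The script also reports users seen from more than one source address, which is the check that matters once consistentAddress is put back to its default. The host names, user names and log lines in SAMPLE are constructed for the example.

```python
"""Classify Shibboleth SP logouts from Apache combined-format access logs.

Added example; not code from the Shibboleth project or the thread.
Assumes the default /Shibboleth.sso handler paths. Sample input is constructed.
"""
import re
from datetime import datetime
from urllib.parse import urlparse

SP_PREFIX = "/Shibboleth.sso"

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    entry["path"] = entry["path"].split("?", 1)[0]  # drop SAMLRequest=... etc.
    return entry


def logout_origin(entry, app_hosts):
    """Who started the logout this request belongs to.

    'application': LogoutInitiator hit with a Referer from the application
    'direct':      LogoutInitiator hit with no application Referer
    'idp':         SingleLogoutService hit (LogoutRequest from the IdP)
    None:          not a logout request at all
    """
    path = entry["path"]
    if path == SP_PREFIX + "/Logout":
        host = urlparse(entry["referer"]).hostname
        return "application" if host in app_hosts else "direct"
    if path.startswith(SP_PREFIX + "/SLO/"):
        return "idp"
    return None


def analyse(lines, app_hosts):
    """Return (logouts, ip_changes).

    logouts:    [(timestamp, origin, seconds since the last request that carried
                 a REMOTE_USER from the same client address, or None)]
    ip_changes: {user: [ip, ...]} for users seen from more than one address,
                the usual cause of session loss when consistentAddress="true"
    """
    entries = [e for e in (parse_line(l) for l in lines) if e]
    last_auth_by_ip = {}
    ips_by_user = {}
    logouts = []
    for e in sorted(entries, key=lambda x: x["ts"]):
        if e["user"] != "-":
            last_auth_by_ip[e["ip"]] = e["ts"]
            seen = ips_by_user.setdefault(e["user"], [])
            if e["ip"] not in seen:
                seen.append(e["ip"])
        origin = logout_origin(e, app_hosts)
        if origin:
            prev = last_auth_by_ip.get(e["ip"])
            gap = (e["ts"] - prev).total_seconds() if prev else None
            logouts.append((e["ts"], origin, gap))
    ip_changes = {u: ips for u, ips in ips_by_user.items() if len(ips) > 1}
    return logouts, ip_changes


# Constructed sample: the pattern from the thread (application page request,
# then /Shibboleth.sso/Logout one second later with the application's login
# page as Referer), an IdP-initiated SLO, and a user whose address changes.
SAMPLE = """\
192.0.2.10 - user1 [23/Aug/2022:14:00:14 +0800] "GET /archibus/schema/ab-core/graphics/archibus-logo-only.svg HTTP/1.1" 200 447 "https://sp.example.org/archibus/login.axvw" "Mozilla/5.0"
192.0.2.10 - - [23/Aug/2022:14:00:15 +0800] "GET /Shibboleth.sso/Logout HTTP/1.1" 302 2368 "https://sp.example.org/archibus/login.axvw" "Mozilla/5.0"
192.0.2.20 - user2 [23/Aug/2022:14:05:00 +0800] "GET /archibus/ HTTP/1.1" 200 1000 "-" "Mozilla/5.0"
192.0.2.20 - - [23/Aug/2022:14:30:00 +0800] "GET /Shibboleth.sso/SLO/Redirect?SAMLRequest=abc HTTP/1.1" 302 500 "https://idp.example.org/idp/profile/Logout" "Mozilla/5.0"
198.51.100.7 - user3 [23/Aug/2022:14:40:00 +0800] "GET /archibus/ HTTP/1.1" 200 1000 "-" "Mozilla/5.0"
198.51.100.8 - user3 [23/Aug/2022:14:40:30 +0800] "GET /archibus/ HTTP/1.1" 200 1000 "-" "Mozilla/5.0"
"""

APP_HOSTS = {"sp.example.org"}  # assumed host name of the SP/application

if __name__ == "__main__":
    found, changes = analyse(SAMPLE.splitlines(), APP_HOSTS)
    for ts, origin, gap in found:
        print(f"{ts.isoformat()} logout initiated by {origin}, "
              f"{gap if gap is not None else '?'}s after last authenticated request from that address")
    for user, ips in changes.items():
        print(f"{user} seen from several addresses: {', '.join(ips)}")
```

Run it against the real access log with `analyse(open(path).readlines(), {"test-iams.asc.com"})`; a one-second gap with origin "application" points at the application redirecting to /Shibboleth.sso/Logout right after login rather than at the SP or the IdP ending the session, and any entries in ip_changes are what would explain the symptom once consistentAddress goes back to "true".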