Reviewed:  https://reviews.mahara.org/7825
Committed: https://git.mahara.org/mahara/mahara/commit/9a8d550be15cfe2c3013bc6ce8e48cc5ae01323e
Submitter: Robert Lyon ([email protected])
Branch:    17.04_STABLE

commit 9a8d550be15cfe2c3013bc6ce8e48cc5ae01323e
Author: Yaju Mahida <[email protected]>
Date:   Thu May 25 17:08:26 2017 +1000

    Bug 1693426: destroy mahara session when Single Logout is initiated by IdP

    behatnotneeded

    Change-Id: Ia08cb73ae0603b57eb5a286c0a705a16a9f4c373
    (cherry picked from commit 7e349565bc05051c465a11706ed07a9344091751)

https://bugs.launchpad.net/bugs/1693426

Title:
  Destroy mahara session when Single Logout is initiated by IdP

Status in Mahara:
  Fix Committed
Status in Mahara 17.04 series:
  Fix Committed
Status in Mahara 17.10 series:
  Fix Committed

Bug description:
  For our Single Sign-on implementation, we encountered this bug where
  the Mahara session is not destroyed for logouts initiated by another SP.

  For example, consider a scenario where two applications, Mahara (SP1)
  and Moodle (SP2), are set up as service providers and connected with an
  IdP. When a user logs out from Moodle (SP2), it sends a logout request
  to the IdP, and from there the IdP sends a logout request to Mahara
  (SP2), which supports SLO. After receiving the logout request from the
  IdP, Mahara destroys the simplesamlphp session but not the Mahara
  session. As a result, a user is still logged on to Mahara even though
  the local simplesamlphp session and IdP sessions are destroyed!

  We investigated this issue and fixed it using a hack which destroys the
  Mahara session also. We will be submitting a patch via Gerrit for
  review. This is not a perfect solution, as we believe there should be
  other ways to do this perfectly, e.g. first destroy the simplesamlphp
  session, confirm that we are logged out from the IdP, and then destroy
  the Mahara session.

  This doesn't happen when logout is initiated from Mahara (SP2), as it
  first destroys the Mahara session and thereafter the simplesamlphp
  session.
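
The failure mode in the bug description, as a small model added here; it is not Mahara or SimpleSAMLphp code, and every class name, method name and session value in it is constructed. It shows a service provider that keeps a SAML-library session and an application session in separate stores, and how an IdP-relayed logout leaves the application session alive unless the logout handler ends both.

```python
"""Constructed model of IdP-initiated Single Logout at a service provider (SP).
Not Mahara or SimpleSAMLphp code; all names and values here are hypothetical."""


class ServiceProvider:
    def __init__(self, propagate_logout):
        self.propagate_logout = propagate_logout
        self.saml_sessions = {}    # SAML SessionIndex -> user (SAML library's store)
        self.app_sessions = {}     # app session cookie -> user (application's store)
        self.index_to_cookie = {}  # link recorded at login, needed by the fix

    def login(self, username, session_index, cookie):
        """Assertion consumed: each layer creates its own session."""
        self.saml_sessions[session_index] = username
        self.app_sessions[cookie] = username
        self.index_to_cookie[session_index] = cookie

    def handle_idp_logout_request(self, session_index):
        """LogoutRequest relayed by the IdP after another SP logged out."""
        if self.saml_sessions.pop(session_index, None) is None:
            return "unknown-session"
        cookie = self.index_to_cookie.pop(session_index, None)
        if self.propagate_logout and cookie is not None:
            # Fixed behaviour: the application session ends with the SAML session.
            self.app_sessions.pop(cookie, None)
        return "success"

    def is_logged_in(self, cookie):
        """What the application checks on every page request."""
        return cookie in self.app_sessions


def simulate(propagate_logout):
    """Two users log in; the IdP then relays a logout for the first one only."""
    sp = ServiceProvider(propagate_logout)
    sp.login("alice", "_idx-constructed-1", "cookie-constructed-1")
    sp.login("bob", "_idx-constructed-2", "cookie-constructed-2")
    status = sp.handle_idp_logout_request("_idx-constructed-1")
    return (status,
            sp.is_logged_in("cookie-constructed-1"),
            sp.is_logged_in("cookie-constructed-2"))


if __name__ == "__main__":
    # Both runs answer the IdP with "success"; only the second ends alice's app session.
    print("logout not propagated:", simulate(propagate_logout=False))
    print("logout propagated:    ", simulate(propagate_logout=True))
```

In both runs the SP reports success to the IdP, so a regression test for this class of bug has to check the application's own login state after the SLO request, not the SAML response.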

