6.5 SAML logout not working after upgrade.

sdouglasmc

15-11-2019

We recently did an upgrade from 6.3 to 6.5. We ported the code and content over to a fresh instance of 6.5 instead of doing an in-place upgrade.

Everything seems to work great with SAML Authentication, we have two configurations - one for site A and one for site B.  All works in our 6.3 instance.  Authentication login in the new 6.5 works great as well, but logout does not.

I can no longer see the logout URL (configured in the auth handler) actually being called, whereas in the current 6.3 I can see it through the SAML console in the browser tools. What is weird is, the resource value we set in the Sling logout URL (siteA/saml_logout) is actually trying to be routed through the dispatcher, which fails because it isn't an actual resource - it's a path to simply differentiate between it and site B's SAML auth handler.

Anyway, point is, works in our 6.3 but not in 6.5 and we have changed nothing regarding settings.  

Thoughts?

Accepted Solutions (1)

sdouglasmc

20-11-2019

The problem was, we were using the acs-commons environment indicator. Disabling this resolved the issue, because the SAML authentication handler does this in PostBinding:

      httpResponse.addHeader("cache-control", "private, max-age=0, no-cache, no-store");
      httpResponse.getOutputStream().print(builder.toString());
      httpResponse.flushBuffer();

It was being messed up by the acs-commons indicator.
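A diagnostic for the symptom in this thread, added here as an example (not code from the poster, AEM or ACS Commons): it checks whether a captured logout response body is still a well-formed SAML HTTP-POST binding form carrying a `LogoutRequest`. The function name, the IdP URL and both sample bodies are constructed assumptions; the thread does not say how the indicator altered the real response.

```python
import base64
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"


class _FormParser(HTMLParser):
    """Collects the first <form> action and every named <input> value."""

    def __init__(self):
        super().__init__()
        self.action = None
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = a.get("action")
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""


def check_post_binding(body):
    """Return (ok, detail); detail is the form target when ok is True."""
    p = _FormParser()
    p.feed(body)
    if not p.action:
        return False, "no <form action=...> found"
    raw = p.fields.get("SAMLRequest")
    if raw is None:
        return False, "no SAMLRequest field"
    try:
        # Diagnostic use on your own captures; prefer defusedxml for untrusted XML.
        root = ET.fromstring(base64.b64decode(raw, validate=True))
    except (ValueError, ET.ParseError) as exc:
        return False, f"SAMLRequest not decodable: {exc}"
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        return False, f"unexpected root element {root.tag}"
    return True, p.action


# Constructed sample bodies (not captured from a real AEM instance).
_XML = f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" ID="_constructed" Version="2.0"/>'
_B64 = base64.b64encode(_XML.encode()).decode()
INTACT = ('<html><body onload="document.forms[0].submit()">'
          '<form method="post" action="https://idp.example.test/slo">'
          f'<input type="hidden" name="SAMLRequest" value="{_B64}"/>'
          '</form></body></html>')
# Same page with the encoded request cut short, standing in for a damaged response.
DAMAGED = INTACT.replace(_B64, _B64[:13])
```

Save the body of the response returned by the logout path (for example from the browser's network tab) and pass it to `check_post_binding` on both the working and the failing instance to see where they diverge.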

Answers (0)