Univention Bugzilla – Bug 50603
Enable signed Single Logouts
Last modified: 2020-01-28 09:18:59 CET
Created attachment 10254
Patch by fbest for signed logouts in saml/univention-saml/listener/univention-saml-simplesamlphp-configuration.py

Currently, it's not possible to sign single logouts with the integration of simplesamlphp in UCS. At least Open-Xchange requires signed single logouts; it just throws an internal server error if the signature is missing.

In /var/log/open-xchange/open-xchange.log.0 the following exception can be found:

2019-12-04T14:58:34,671+0100 ERROR [OXWorker-0000088] com.openexchange.saml.http.SingleLogoutService.handleRequest(SingleLogoutService.java:106)
Error while handling SAML login response
[...]
com.openexchange.exception.OXException: SAML-0007 Categories=ERROR Message='SAML message validation failed: The response is digitally signed but its signature cannot be verified. (Response '_088a4e807c47db283aca9a4e96557951242f07c60f' is not signed via request URI)'

Florian Best wrote a patch for the listener module univention-saml-simplesamlphp-configuration.py. It's attached and fixes the problem.

We should allow users to enable signed logouts per service provider object using UDM/UMC.
*** This bug has been marked as a duplicate of bug 49305 ***
Yes, duplicate.