SSO re-login failure when global logout is disabled

Bug #1989209 reported by Mike Rylander
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Evergreen | Fix Released | High | Unassigned | |
| 3.8 | Fix Released | High | Unassigned | |

Bug Description

Evergreen version: 3.9+ (probably 3.7+, but not reported)

When using Shibboleth for SSO, and global logout is disabled, logging in after logout on the same computer can fail with a 404-Not Found. The problem is that we need to ignore our local "don't trust Shibboleth login" cookie in this situation.

This change also means we need to delegate SP logout, in addition to possible IdP and/or global logout, to the Shibboleth configuration. Therefore we always redirect to the Shibboleth logout service on Evergreen logout (when Shibboleth SSO is enabled), and SP, IdP, and global logout are configured and mediated by the Shibboleth and IdP configuration.

See https://shibboleth.atlassian.net/wiki/spaces/SHIB2/pages/2577072384/NativeSPLogoutInitiator for information on the Shibboleth configuration required for your local needs.

Branch forthcoming...

Mike Rylander (mrylander) wrote :
tags: added: pullrequest shibboleth sso
Changed in evergreen:
assignee: Mike Rylander (mrylander) → nobody
Jason Boyer (jboyer) wrote :

Tested with and without timeout and with and without IdP logout enabled, works for me!

Signoff is here: https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/jboyer/lp1989209-sso-signout-signoff / working/user/jboyer/lp1989209-sso-signout-signoff

Michele Morgan (mmorgan)
tags: added: signedoff
Michele Morgan (mmorgan)
Changed in evergreen:
milestone: none → 3.9.1
Galen Charlton (gmc) wrote :

Pushed to master and rel_3_9. Thanks, Mike and Jason!

Galen Charlton (gmc) wrote :

Also pushed to rel_3_8.

Changed in evergreen:
status: Confirmed → Fix Committed
Changed in evergreen:
status: Fix Committed → Fix Released