Firstly, according to the documentation, "By logging out of the global SSO Session. In this case the IdP will notify you on `/saml2/{uuid}/slo` endpoint (already provided)." However, an `/slo` endpoint does not appear to be included in the routes specified in the package's routes file.
I notice that an `/sls` endpoint is also mentioned (which does exist). Are these 2 separate endpoints or is this just a typo?
Secondly, assuming the `/sls` endpoint is correct, the behaviour of the `/sls` endpoint does not appear to match the actions performed upon logout by my IdP (OKTA), which is making a POST request to that endpoint (as outlined here). The `/sls` endpoint only accepts GET requests and additionally does not appear to pass on any data related to the logout when it fires the SignedOut event, which seems to contain no methods. This data would be useful for ensuring that I am logging out the correct user from an IdP-initiated logout.
It looks like I'm going to need to implement my own endpoint to handle SLO, but just wanted to check if there was something I was missing, since this is described as being implemented according to the docs.
Thanks in advance for any light you can shed on this.
I dug a little deeper and it looks like this is the issue that I have come up against in relation to the POST request from OKTA. Basically the OneLogin Toolkit does not support it, and Okta won't change their behaviour.
So I guess the only outstanding issue in relation to this package is the possible typo in the docs for the `/slo` endpoint, and maybe also, whether additional data could be made available in the SignedOut event.
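The binding mismatch discussed in this thread, as an added example (not code from this package, the OneLogin toolkit, or Okta): a SAML `LogoutRequest` sent by GET (HTTP-Redirect binding) is DEFLATE-compressed then base64-encoded, while one sent by POST (HTTP-POST binding) is base64 only, and either way it carries the `NameID` and `SessionIndex` needed to pick the right session. It uses Python's standard library to stay self-contained; the function names, size cap and sample message are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # constructed size cap for the decoded message

# Constructed sample message; every value in it is made up.
SAMPLE_XML = (
    b'<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0">'
    b'<saml:Issuer>https://idp.example.test</saml:Issuer>'
    b'<saml:NameID>alice@example.test</saml:NameID>'
    b'<samlp:SessionIndex>idx-123</samlp:SessionIndex>'
    b'</samlp:LogoutRequest>'
)

def encode_for_binding(xml, method):
    """Hypothetical helper: encode a message the way each binding does."""
    if method == "GET":
        c = zlib.compressobj(wbits=-15)
        xml = c.compress(xml) + c.flush()
    return base64.b64encode(xml).decode()

def decode_logout_request(saml_request, method):
    """Extract who to log out from an already URL-decoded SAMLRequest value.
    Signature validation is NOT done here and must pass before any session
    is destroyed. Plain NameID only; EncryptedID is not handled."""
    raw = base64.b64decode(saml_request, validate=True)
    if method == "GET":      # HTTP-Redirect: raw DEFLATE, then base64
        xml = zlib.decompressobj(-15).decompress(raw, MAX_XML + 1)
    elif method == "POST":   # HTTP-POST: base64 only, no compression
        xml = raw
    else:
        raise ValueError("unsupported method")
    # Bound the size and refuse DTDs before handing bytes to the XML parser.
    if len(xml) > MAX_XML or b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("rejected payload")
    root = ET.fromstring(xml)
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        raise ValueError("not a LogoutRequest")
    name_id = root.findtext("saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        raise ValueError("missing NameID")
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "name_id": name_id,
        "session_indexes": [e.text.strip() for e in root.findall("samlp:SessionIndex", NS) if e.text],
    }
```

The returned `name_id` and `session_indexes` are what a custom handler would match against the local session before logging anyone out.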