DEBUG(ipsilon/login/common.py:287 Logout.root()): Calling logout for provider saml2
DEBUG(ipsilon/providers/saml2idp.py:390 IdpProvider.idp_initiated_logout()): IdP-initiated SAML2 logout
HTTP
Request Headers:
COOKIE: ipsilon_default_username=testuser; some_uuid=saml2; idp_ipsilon_session_id=some_big_number
ACCEPT-LANGUAGE: en-US,en;q=0.5
USER-AGENT: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0
CONNECTION: keep-alive
REFERER: https://accounts.google.com/Logout?hl=en&continue=https%3A%2F%2Fmail.google…
Remote-Addr: xxx.xxx.xxx.xxx
HOST: ipa.example.com
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
ACCEPT-ENCODING: gzip, deflate, br
HTTP Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 656, in respond
response.body = self.handler()
File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 188, in __call__
self.body = self.oldhandler(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 34, in __call__
return self.callable(*self.args, **self.kwargs)
File "/usr/lib/python2.7/site-packages/ipsilon/util/page.py", line 91, in __call__
return op(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/ipsilon/login/common.py", line 289, in root
obj()
File "/usr/lib/python2.7/site-packages/ipsilon/providers/saml2idp.py", line 401, in idp_initiated_logout
logout.initRequest(session.provider_id)
File "/usr/lib64/python2.7/site-packages/lasso.py", line 2898, in initRequest
Error.raise_on_rc(rc)
File "/usr/lib64/python2.7/site-packages/lasso.py", line 62, in raise_on_rc
raise exception
ProfileUnsupportedProfileError: <lasso.ProfileUnsupportedProfileError(-409): Unsupported protocol profile>
Scenario: login to gmail with email testuser at mydomain com, enter credentials at ipsilon page, observe gmail opens.
click on user icon on top right and then on logout. Ipsilon page shows error 500. User still logged in - one can get into gmail without password.
A refresh of logout page causes normal logout. This is CentOS 7 latest - tried on two different installations with different IPA and google apps domains.
Josh.
PS. configuration instructions are from https://ipsilon-project.org/doc/example/google-apps.html