0

I have created a SAML2 SSO login (with Google assertion consumer service) as follows:

require 'onelogin/ruby-saml'

class Saml
  class << self
    def init(provider, saml2_idp_url, saml2_issuer_url)
      request = OneLogin::RubySaml::Authrequest.new

      request.create(saml_settings)
    end

    def consume(params)
      OneLogin::RubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
    end

    private

    def saml_settings
      idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new

      settings = idp_metadata_parser.parse( File.read("acs.xml") )

      settings.assertion_consumer_service_url = "https://certedrive-dev1.ngrok.io/saml2/idp?idpid=xxxxxx"
      settings.issuer                         = "https://certedrive-dev1.ngrok.io/saml2?idpid=xxxxxx"
      settings
    end
  end
end

But, I'm unable to get the equivalent logout with ACS.

I tried:

logout_req = OneLogin::RubySaml::Logoutrequest.new
logout_req_url = logout_req.create(saml_settings)

But, this throws me:

NoMethodError - undefined method `+' for nil:NilClass

I feel the logout method I'm trying is wrong. What may be the correct way to send out a logout request?

Abhi

1 Answer

2

Check the code of the ruby-saml-example project.

The logout method handles the SP- and IdP-initiated SLO flows.

In the use case that you are describing, I think the problem is that you have not defined the idp_slo_target_url attribute in the settings. In ruby-saml-example, that issue is controlled in that line.

For more info, read the single-log-out section of ruby-saml's README.

smartin
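An SP-initiated LogoutRequest over the HTTP-Redirect binding is appended to the IdP's SLO endpoint, so there is nothing to build when that endpoint is missing from the settings. The sketch below is an added example using only the Ruby standard library; it is not ruby-saml's code or code from either poster. `SloSettings` and the function names are hypothetical, and the request is left unsigned.

```ruby
require 'zlib'
require 'uri'
require 'securerandom'
require 'time'

# Hypothetical settings holder; only the field name idp_slo_target_url
# mirrors the attribute mentioned in the answer.
SloSettings = Struct.new(:issuer, :idp_slo_target_url, :name_id, :session_index,
                         keyword_init: true)

def build_logout_request_xml(settings)
  session = settings.session_index ? "<samlp:SessionIndex>#{settings.session_index.encode(xml: :text)}</samlp:SessionIndex>" : ''
  <<~XML
    <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID=#{"_#{SecureRandom.uuid}".encode(xml: :attr)} Version="2.0"
        IssueInstant=#{Time.now.utc.iso8601.encode(xml: :attr)}
        Destination=#{settings.idp_slo_target_url.encode(xml: :attr)}>
      <saml:Issuer>#{settings.issuer.encode(xml: :text)}</saml:Issuer>
      <saml:NameID>#{settings.name_id.encode(xml: :text)}</saml:NameID>
      #{session}
    </samlp:LogoutRequest>
  XML
end

def logout_redirect_url(settings)
  # Fail early with a readable message instead of a NoMethodError on nil.
  missing = %i[issuer idp_slo_target_url name_id].select { |k| settings[k].to_s.empty? }
  raise ArgumentError, "missing SLO settings: #{missing.join(', ')}" unless missing.empty?

  # Redirect binding: raw DEFLATE (no zlib header), then Base64, then
  # URL-encoding as the SAMLRequest query parameter.
  xml = build_logout_request_xml(settings)
  deflated = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS).deflate(xml, Zlib::FINISH)
  query = URI.encode_www_form('SAMLRequest' => [deflated].pack('m0'))
  separator = settings.idp_slo_target_url.include?('?') ? '&' : '?'
  settings.idp_slo_target_url + separator + query
end

# Reverses the encoding so the request that would be sent can be inspected.
def decode_logout_request(url)
  params = URI.decode_www_form(URI(url).query).to_h
  Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(params.fetch('SAMLRequest').unpack1('m'))
end
```

`decode_logout_request` is handy when debugging: it shows the exact XML the IdP will receive, including the `Destination` and `NameID` values.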