SAML 2.0 SLO is not provided a session index #3936
Description
Describe the Bug
Trying using the SAML SLO functionality I get this error:
<samlp:StatusMessage>Missing SessionIndex: session participants MUST include at least one <SessionIndex> element in the logout request</samlp:StatusMessage>Steps to Reproduce
Configure SAML Authentication with SLO functionality based on the documentation
Expected Behaviour
<SessionIndex> Object included in SLO Request
Screenshots or Additional Context
Currently the SLO Request looks like this:
<samlp:LogoutRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="redacted"
Version="2.0"
IssueInstant="2022-12-28T10:00:34Z"
Destination="redacted">
<saml:Issuer>https://redacted/saml2/metadata</saml:Issuer>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">redacted</saml:NameID>
</samlp:LogoutRequest>SAML Login Response (mostly truncated) - Includes SessionIndex
<samlp:Response Version="2.0" ID="redacted" IssueInstant="2022-12-28T10:08:33.861Z" InResponseTo="redacted" Destination="https://redacted/saml2/acs" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Assertion ID="redacted" IssueInstant="2022-12-28T10:08:33.894Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:AuthnStatement SessionIndex="redacted" AuthnInstant="2022-12-28T10:08:33.885Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>Browser Details
No response
Exact BookStack Version
v22.11
PHP Version
No response
Hosting Environment
Inside official Docker Container on our Kubernetes Instance.