- π³π±Netherlands roderik Amsterdam,NL / Budapest,HU
> SAML LoginRequests/LogoutRequests that we construct don't contain anything that has to be dynamic.
I need to recheck LogoutRequests; I think they do contain a NameID.
Caching is nice. It keeps us from having to do hash calculations (signing a SAML message) on every login/logout request.
(Because SAML LoginRequests/LogoutRequests that we construct don't contain anything that has to be dynamic. We're fine caching them for, say, 10 minutes.)
Last time I tried, failed for any cached request to /saml/login / /saml/logout that contains a 'destination' parameter created endless loops. (Analysis in #3205960-4: Drupal route cache causing problems β )
#3205960-7:
I should weigh our options: Either add our own response subscriber that is executed before RedirectResponseSubscriber and strips the 'destination' parameter... or implement our own kind of caching. (Of at least the SAML message including the computed hash - based on the input 'destination' parameter.) Probably the former.
Active
4.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
> SAML LoginRequests/LogoutRequests that we construct don't contain anything that has to be dynamic.
I need to recheck LogoutRequests; I think they do contain a NameID.