feat: add saml signout url

macite · macite · commit 1f079b990b5b · 2025-05-30T17:07:02.000+10:00
diff --git a/app/api/authentication_api.rb b/app/api/authentication_api.rb
@@ -153,6 +153,23 @@ class AuthenticationApi < Grape::API
       end
       redirect "#{host}/sign_in?authToken=#{onetime_token.authentication_token}&username=#{user.username}"
     end
+
+    # Saml 2 logout callback
+    desc 'SAML2.0 logout callback'
+    params do
+      requires :SAMLResponse, type: String, desc: 'SAML logout response data.'
+    end
+    post '/auth/saml_logout' do
+      response = OneLogin::RubySaml::Logoutresponse.new(params[:SAMLResponse], allowed_clock_drift: 1.second,
+                                                                               settings: AuthenticationHelpers.saml_settings)
+
+      # Check if the SAML response is valid - if not log an error
+      unless response.is_valid?
+        logger.error "Invalid SAML logout response: #{response.errors.join(', ')}"
+      end
+
+      redirect "#{host}/sign_in"
+    end
   end
 
   #
@@ -343,7 +360,7 @@ class AuthenticationApi < Grape::API
     end
 
     # Remove the refresh token cookie - if remember is false
-    add_refresh_cookie_to_response(false) unless params[:remember]
+    add_refresh_cookie_to_response(false) if params[:remember]
     present nil
   end
 
