From 7f6217dc66ff8ca8b0e5f711b3f97949cac533c2 Mon Sep 17 00:00:00 2001
From: sjyu1 <93505580+sjyu1@users.noreply.github.com>
Date: Thu, 11 Sep 2025 10:04:26 +0900
Subject: [PATCH] =?UTF-8?q?sso=20logout=EC=8B=9C=20keycloak=20=EC=84=B8?= =?UTF-8?q?=EC=85=98=20=EC=A2=85=EB=A3=8C=EB=90=98=EB=8F=84=EB=A1=9D=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/pybind/mgr/dashboard/controllers/saml2.py | 18 +++++++++++++++++-
 src/pybind/mgr/dashboard/module.py | 1 +
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/pybind/mgr/dashboard/controllers/saml2.py b/src/pybind/mgr/dashboard/controllers/saml2.py
index 55445bc94d7b2..d16ab7da5a8cb 100644
--- a/src/pybind/mgr/dashboard/controllers/saml2.py
+++ b/src/pybind/mgr/dashboard/controllers/saml2.py
@@ -90,6 +90,11 @@ def login(self):
 Saml2._check_python_saml()
 req = Saml2._build_req(self._request, {})
 auth = OneLogin_Saml2_Auth(req, mgr.SSO_DB.saml2.onelogin_settings)
+
+ # login user session
+ cherrypy.session['samlNameId'] = auth.get_nameid()
+ cherrypy.session['samlSessionIndex'] = auth.get_session_index()
+
 raise cherrypy.HTTPRedirect(auth.login())
 
 @Endpoint(json_response=False, version=None)
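Review bot: The two session writes added in `login()` read `auth.get_nameid()` and `auth.get_session_index()` from an `OneLogin_Saml2_Auth` object that has only been built from the outgoing request, before any SAML response has been processed, so both are expected to be `None` here (python3-saml fills them in during `process_response()`). The `slo()` hunk would then call `auth.logout(name_id=None, session_index=None)`, which probably leaves the IdP session this commit is meant to end untouched. Store the values in the endpoint that consumes the assertion instead, after `auth.process_response()` has returned without errors (that handler is not part of this diff), and drop the two lines from `login()`. Wherever the writes end up, the comment `# login user session` would be clearer as `# remember NameID/SessionIndex so slo() can name the IdP session to end`.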
@@ -97,7 +102,18 @@ def slo(self):
 Saml2._check_python_saml()
 req = Saml2._build_req(self._request, {})
 auth = OneLogin_Saml2_Auth(req, mgr.SSO_DB.saml2.onelogin_settings)
- raise cherrypy.HTTPRedirect(auth.logout())
+
+ # login user session
+ name_id = cherrypy.session.get('samlNameId')
+ session_index = cherrypy.session.get('samlSessionIndex')
+ #settings = mgr.SSO_DB.saml2.onelogin_settings.copy()
+ #settings['security']['logoutRequestSigned'] = False
+ #settings['security']['logoutResponseSigned'] = False
+ #settings['sp']['singleLogoutService']['binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
+ #settings['idp']['singleLogoutService']['binding'] = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
+ #auth = OneLogin_Saml2_Auth(req, settings)
+
+ raise cherrypy.HTTPRedirect(auth.logout(name_id=name_id, session_index=session_index))
 
 @Endpoint(json_response=False, version=None)
 def logout(self, **kwargs):
diff --git a/src/pybind/mgr/dashboard/module.py b/src/pybind/mgr/dashboard/module.py
index 3b3519e7bf0f4..14a761c12c87b 100644
--- a/src/pybind/mgr/dashboard/module.py
+++ b/src/pybind/mgr/dashboard/module.py
@@ -150,6 +150,7 @@ def _configure(self):
 'tools.json_in.on': True,
 'tools.json_in.force': True,
 'tools.plugin_hooks_filter_request.on': True,
+ 'tools.sessions.on': True,
 }
 
 if use_ssl:
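Review bot: The six commented-out `#settings[...]` / `#auth = ...` lines in `slo()` should be deleted before merge rather than kept as a switch. Two of them set `logoutRequestSigned` and `logoutResponseSigned` to `False`, and `.copy()` on the settings dict is shallow, so un-commenting them would turn off logout message signing in the shared `mgr.SSO_DB.saml2.onelogin_settings` for every later request as well. The comment `# login user session` is copied from `login()` and does not describe this code; `# NameID/SessionIndex saved at login; identifies the IdP session to terminate` would fit. `cherrypy.session.get()` returns `None` when the session has expired or was never populated, so that path deserves a log line or a comment stating what LogoutRequest is sent in that case.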
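Review bot: `'tools.sessions.on': True` enables CherryPy sessions for the whole dashboard application with the default cookie attributes; nothing in this hunk sets `tools.sessions.httponly` or `tools.sessions.secure`, so the new session cookie, which now keys the stored SAML NameID and SessionIndex, is by default readable from page scripts and sent over plain HTTP. Add `'tools.sessions.httponly': True,` next to the new entry and `'tools.sessions.secure': True` inside the `if use_ssl:` branch that follows. CherryPy's default session storage is process memory, so the saved values would presumably be lost on a manager restart or failover; that is worth a comment here, or the tool could be scoped to the SAML controller only. The dict literal and the rest of `_configure` lie outside the hunk.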