Infos:
- Used Zammad version: 6.4
- Used Zammad installation type: package
- Operating system: Ubuntu 22.04
- Browser + version: Chrome 117.0.0.0
Actual behavior:
-
The user manages to connect via the “SAML” button on the connection page, and also manages to connect from our portal (we use Authentik). When we click on “Disconnect” from Zammad, it redirects us to the SLO URL of our portal, without disconnecting us from Zammad.
-
This means that once we arrive on the “You are logged out” page of our portal, we are still connected to our Zammad instance. We need to clear our cookies to sign out.
-
If there is no SAML account linked to the Zammad account, there is no problem logging off. But in this case, no portal appears (normal functioning).
Steps to reproduce the behavior:
SAML Configuration in Zammad: (based on goauthentik io doc)
- Display name: authentik
- IDP SSO target URL: https://[URL]/application/saml/zammad/sso/binding/init/
- IDP SLO target URL: https://[URL]/application/saml/zammad/slo/binding/redirect/
- IDP certificate: ----BEGIN CERTIFICATE---- …
- IDP certificate fingerprint: empty
- Name Identifier Format: empty
SAML Provider (Authentik) config: (based on goauthentik io doc)
- Name : zammad
- ACS URL: https://[URL]/auth/saml/callback
- Issuer: https://[URL]/auth/saml/metadata
- Service Provider Binding: Post
- Audience: https://[URL]/auth/saml/metadata
- Property mappings: Zammad SAML Mapping: name & Zammad SAML Mapping: email
- NameID Property Mapping: Zammad SAML Mapping: name
