From fed79fc4e719cd7b15c53deb4268d04ce2832564 Mon Sep 17 00:00:00 2001 From: Roman Barbun Date: Mon, 27 Oct 2025 14:56:22 +1100 Subject: [PATCH 1/3] Changed Nginx configuration rules to allow serving static assets for SAML auto-post. --- .docker/images/nginx/location_prepend_simplesamlphp.conf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.docker/images/nginx/location_prepend_simplesamlphp.conf b/.docker/images/nginx/location_prepend_simplesamlphp.conf index 190e5e9a4..ec5896e12 100644 --- a/.docker/images/nginx/location_prepend_simplesamlphp.conf +++ b/.docker/images/nginx/location_prepend_simplesamlphp.conf @@ -19,3 +19,10 @@ location ~ /${LAGOON_PROJECT:-govcms}-saml/module.php/saml/sp/(saml2-logout\.php } } +# Serve only static assets (JS/CSS/images) for SAML auto-post page. +location ^~ /${LAGOON_PROJECT:-govcms}-saml/assets/ { + alias /app/vendor/simplesamlphp/simplesamlphp/public/assets/; + access_log off; + expires 1h; + add_header Cache-Control "public"; +} From da08c198d1c31e1a4d2a9f32a1f83d73c4c854e6 Mon Sep 17 00:00:00 2001 From: Roman Barbun Date: Fri, 7 Nov 2025 13:07:46 +1100 Subject: [PATCH 2/3] Disabled SP-initiated SLO by default. --- .docker/config/simplesaml/metadata/saml20-idp-remote.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.docker/config/simplesaml/metadata/saml20-idp-remote.php b/.docker/config/simplesaml/metadata/saml20-idp-remote.php index 67d4ea76d..e9c761487 100644 --- a/.docker/config/simplesaml/metadata/saml20-idp-remote.php +++ b/.docker/config/simplesaml/metadata/saml20-idp-remote.php @@ -2,6 +2,7 @@ $idpBaseURL = getenv('SIMPLESAMLPHP_IDP_BASE_URL'); $idpEntityId = getenv('SIMPLESAMLPHP_IDP_ENTITYID') ?: $idpBaseURL; +$singleLogOut = getenv('SIMPLESAMLPHP_SP_SLO') ?: false; $fallbackBinding = getenv('SIMPLESAMLPHP_IDP_DEFAULT_BINDING'); $bindingKeys = [ 
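Review bot: The `add_header Cache-Control "public";` line in the new `/${LAGOON_PROJECT:-govcms}-saml/assets/` location will stop any server-level `add_header` directives from applying to these responses, because nginx inherits `add_header` from the enclosing level only when the current block defines none. The server block is not visible in this hunk, so whether security headers (for example `X-Content-Type-Options`) are set there needs checking. `expires 1h;` already emits `Cache-Control: max-age=3600`, so the extra line also produces a second Cache-Control header. Dropping the `add_header` line avoids both effects; if `public` is required, repeat the server-level headers inside this block. Separately, the comment promises "only" JS/CSS/images, but the `^~` prefix match serves every file under the aliased directory and bypasses regex locations, so either restrict by extension or reword it to `# Serve SimpleSAMLphp's public/assets directory as static files (no PHP handling).`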
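Review bot: `$singleLogOut = getenv('SIMPLESAMLPHP_SP_SLO') ?: false;` treats every non-empty string except `"0"` as enabled, so `SIMPLESAMLPHP_SP_SLO=false` or `=no` would switch the logout fallback on, contrary to the "disabled by default" intent of the commit. Parse the flag explicitly instead: `$singleLogOut = filter_var(getenv('SIMPLESAMLPHP_SP_SLO'), FILTER_VALIDATE_BOOLEAN);`. The value is consumed by the `&& $singleLogOut` condition in the second hunk, whose comment should then mention the gate, e.g. `// Special for LOGOUT: when SIMPLESAMLPHP_SP_SLO is enabled, fall back to the non-logout sibling if present.` The surrounding loop starts and ends outside both hunks, so how an explicitly set LOGOUT variable is handled when the flag is off cannot be confirmed from here.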
@@ -23,7 +24,7 @@ $envVar = getenv($key); // Special for LOGOUT: fallback to non-logout sibling if present. - if (str_contains($key, 'LOGOUT') && empty($envVar)) { + if (str_contains($key, 'LOGOUT') && empty($envVar) && $singleLogOut) { $nonLogoutKey = str_replace('LOGOUT_', '', $key); $envVar = getenv($nonLogoutKey); } From e70c04a8771192a908300f0b45351fd978c773d2 Mon Sep 17 00:00:00 2001 From: Roman Barbun Date: Thu, 13 Nov 2025 12:14:20 +1100 Subject: [PATCH 3/3] Removed SLO changes. --- .docker/config/simplesaml/metadata/saml20-idp-remote.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.docker/config/simplesaml/metadata/saml20-idp-remote.php b/.docker/config/simplesaml/metadata/saml20-idp-remote.php index e9c761487..67d4ea76d 100644 --- a/.docker/config/simplesaml/metadata/saml20-idp-remote.php +++ b/.docker/config/simplesaml/metadata/saml20-idp-remote.php @@ -2,7 +2,6 @@ $idpBaseURL = getenv('SIMPLESAMLPHP_IDP_BASE_URL'); $idpEntityId = getenv('SIMPLESAMLPHP_IDP_ENTITYID') ?: $idpBaseURL; -$singleLogOut = getenv('SIMPLESAMLPHP_SP_SLO') ?: false; $fallbackBinding = getenv('SIMPLESAMLPHP_IDP_DEFAULT_BINDING'); $bindingKeys = [ @@ -24,7 +23,7 @@ $envVar = getenv($key); // Special for LOGOUT: fallback to non-logout sibling if present. - if (str_contains($key, 'LOGOUT') && empty($envVar) && $singleLogOut) { + if (str_contains($key, 'LOGOUT') && empty($envVar)) { $nonLogoutKey = str_replace('LOGOUT_', '', $key); $envVar = getenv($nonLogoutKey); }