By: Rajarajan Ganesan user 02 May 2020 at 1:12 a.m. CDT

2 Responses
Rajarajan Ganesan gravatar
I have created a a trust relationship between a service provider and identity provider in Gluu version 4.1(Patched version i.e 4.1.1). I am able to login into the service provider successfully through SAML redirect login . But during logout from the service provider i am facing issue as described below. Once i click on logout, below logout SAML request is generated from our gluu server, but while processing , it is not able to complete the logout process and redirect to service provider. ``` <samlp:LogoutRequest Destination="https://gluu-tsi.com/idp/profile/SAML2/Redirect/SLO" ID="_ae231dc41aec00437fec6e1c86e97314" IssueInstant="2020-05-02T05:48:34Z" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://serviceprovider.com/logout?p=sp1</saml:Issuer> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://gluu-tsi.com/idp/shibboleth" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">assertion provided during login</saml:NameID> <samlp:SessionIndex>_3f0d5c7c1e455c9cb58ef8199685cecf</samlp:SessionIndex> </samlp:LogoutRequest> ``` Below is error, i am getting in browser console > Refused to display 'https://serviceprovider.com?p=logout&u=&signinUrl=signinurl in a frame because it set 'X-Frame-Options' to 'sameorigin'. > I understand from the above error message the identity provider is not able to load in because of x-frame-options set to 'sameorigin'. Since only 'none' and 'sameorigin' are allowed values. It would be impossible to redirect to our service provider. Please help me to resolve this problem.

By Michael Schwartz staff 02 May 2020 at 2:13 p.m. CDT

Michael Schwartz gravatar
@HARJINDER.DHANJAL can you take a look at this issue? ThumbSignIn are technology partners of Gluu.

By Mohib Zico staff 22 May 2020 at 4:52 a.m. CDT

Mohib Zico gravatar
Hi Rajarajan, My apologies for late response. I am sure you are using correct IDP logout url from SP but can you please share what logout url you are using again? 2nd, can you please screen record this whole flow and share that screencast please?