SAML Logout Redirection Not Working

By: Praveen Srinivasan user 25 Feb 2021 at 4:20 a.m. CST

4 Responses
Praveen Srinivasan gravatar
Hi Team, I was trying to perform SAML Logout form SP The Logout request perfectly happening and redirected to the respective GLUU page. Redirect URI: https://AuthServer/idp/profile/SAML2/Redirect/SLO SAML Logout Request Decoded ``` <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_de5a264ee89c1379fb05a5d11ce1992065fcc77a6e" IssueInstant="2021-02-25T10:05:26Z" Version="2.0" Destination="https://AuthServer/idp/profile/SAML2/Redirect/SLO"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://SPEntityID/</saml:Issuer> <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">username@example.com</saml:NameID> <samlp:SessionIndex>_7e088cefdb6a29ff838826859ef1b5ca</samlp:SessionIndex> </samlp:LogoutRequest> ``` But in GLUU I am getting this error ``` 2021-02-25 10:05:27,863 - 49.205.217.105 - WARN [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:197] - Profile Action WebFlowMessageHandlerAdaptor: Exception handling message org.opensaml.messaging.handler.MessageHandlerException: Message context was not authenticated ``` Debug Log from IdP for the logout: https://drive.google.com/file/d/1-7ajuOrIlf6NthuHC1ZLZSCBiT9PMY5g/view?usp=sharing
Gluu 4.2.1 Ubuntu 18.04
closed

Answers

By Mohib Zico staff 28 Feb 2021 at 11:47 p.m. CST

Copy
Mohib Zico gravatar
I'll test it out and share my settings with you.

By Praveen Srinivasan user 01 Mar 2021 at 12:15 a.m. CST

Copy
Praveen Srinivasan gravatar
Hi @Mohib.Zico, Sure and Thanks in advance.

By Praveen Srinivasan user 21 Apr 2021 at 11:55 p.m. CDT

Copy
Praveen Srinivasan gravatar
Hi @Mohib.Zico, Any update on this?

By Mohib Zico staff 10 May 2021 at 10:31 a.m. CDT

Copy
Mohib Zico gravatar
Hi Praveen, I tested a SAML SP with Gluu Server 3.1.8. Here is the testing [screencast](https://www.youtube.com/watch?v=No5fhWLRrKI&ab_channel=MohibZico) Here is how Gluu Server and SP logout logs look like: - Gluu Server: ``` 2021-05-10 14:51:46,359 - 118.179.84.52 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:798] - Performing primary lookup on session ID 36db29e87cba87c4d298c89bcf93cda0ce2308edf259fd1105ca063938297f81 2021-05-10 14:51:46,359 - 118.179.84.52 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:615] - Loading SPSession for service https://testappsaml.gluu.org/shibboleth in session 36db29e87cba87c4d298c89bcf93cda0ce2308edf259fd1105ca063938297f81 2021-05-10 14:51:46,359 - 118.179.84.52 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:86] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession' 2021-05-10 14:51:46,360 - 118.179.84.52 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:553] - Destroyed session 36db29e87cba87c4d298c89bcf93cda0ce2308edf259fd1105ca063938297f81 2021-05-10 14:51:47,616 - 118.179.84.52 - INFO [Shibboleth-Audit.Logout:275] - 20210510T145147Z||||http://shibboleth.net/ns/profiles/logout||||admin||||| 2021-05-10 14:51:53,736 - 118.179.84.52 - DEBUG [net.shibboleth.idp.session.impl.SaveLogoutContext:77] - Profile Action SaveLogoutContext: Saving LogoutContext in HTTP session 2021-05-10 14:51:55,840 - 118.179.84.52 - DEBUG [net.shibboleth.idp.session.impl.PopulateLogoutPropagationContext:176] - Profile Action PopulateLogoutPropagationContext: Got session to propagate logout: SAML2SPSession{NameID= <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://test318.gluu.org/idp/shibboleth" SPNameQualifier="https://testappsaml.gluu.org/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxSft+PP7SU6HvbGXe0vikWXIrSgB6JfABzIUUdEoHzDLhqnGeK9LiK24H2fmruhqFZDiGCzIntcmvoJngGED7gRY402o6cCn3pYFmXEdasK2GNL/WRuZfZv1lOxEpsrk9Xyp7viPOvAyNujE=</saml2:NameID>, SessionIndex=_ee47e04d602bb775f31c7065638f198e} 2021-05-10 14:51:55,841 - 118.179.84.52 - DEBUG [net.shibboleth.idp.session.impl.SelectLogoutPropagationFlow:101] - Profile Action SelectLogoutPropagationFlow: Selecting logout propagation flow logoutprop/saml2 2021-05-10 14:51:55,842 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.session.impl.PrepareInboundMessageContext:116] - Profile Action PrepareInboundMessageContext: Initialized inbound message context for logout of https://testappsaml.gluu.org/shibboleth 2021-05-10 14:51:55,843 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.SAMLProtocolAndRoleHandler' on INBOUND message context 2021-05-10 14:51:55,844 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler' on INBOUND message context 2021-05-10 14:51:55,845 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:184] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Resolved 1 candidates via EntityIdCriterion: EntityIdCriterion [id=https://testappsaml.gluu.org/shibboleth] 2021-05-10 14:51:55,845 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:590] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Attempting to filter candidate EntityDescriptors via resolved Predicates 2021-05-10 14:51:55,845 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:612] - Metadata Resolver FilesystemMetadataResolver SiteSP1: After predicate filtering 1 EntityDescriptors remain 2021-05-10 14:51:55,845 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:266] - Resolved 1 source EntityDescriptors 2021-05-10 14:51:55,845 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:277] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering 2021-05-10 14:51:55,846 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:378] - Attempting to filter candidate RoleDescriptors via resolved Predicates 2021-05-10 14:51:55,846 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:400] - After predicate filtering 1 RoleDescriptors remain 2021-05-10 14:51:55,846 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:145] - Message Handler: org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext 2021-05-10 14:51:55,846 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:132] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://testappsaml.gluu.org/shibboleth 2021-05-10 14:51:55,846 - 118.179.84.52 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:293] - Resolving relying party configuration 2021-05-10 14:51:55,847 - 118.179.84.52 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:305] - Checking if relying party configuration EntityNames[https://testappsaml.gluu.org/shibboleth,] is applicable 2021-05-10 14:51:55,847 - 118.179.84.52 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:307] - Relying party configuration EntityNames[https://testappsaml.gluu.org/shibboleth,] is applicable 2021-05-10 14:51:55,847 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.SelectRelyingPartyConfiguration:136] - Profile Action SelectRelyingPartyConfiguration: Found relying party configuration EntityNames[https://testappsaml.gluu.org/shibboleth,] for request 2021-05-10 14:51:55,848 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:149] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context 2021-05-10 14:51:55,848 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:375] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}SingleLogoutService for outbound message 2021-05-10 14:51:55,848 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:220] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}SingleLogoutService 2021-05-10 14:51:55,848 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:86] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP' not permitted by input criteria 2021-05-10 14:51:55,849 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:418] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://testappsaml.gluu.org/Shibboleth.sso/SLO/Redirect using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 2021-05-10 14:51:55,849 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:211] - Profile Action PopulateSignatureSigningParameters: Signing enabled 2021-05-10 14:51:55,849 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.impl.PopulateSignatureSigningParametersHandler:194] - Message Handler: Signing enabled 2021-05-10 14:51:55,849 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.impl.PopulateSignatureSigningParametersHandler:207] - Message Handler: Resolving SignatureSigningParameters for request 2021-05-10 14:51:55,850 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.impl.PopulateSignatureSigningParametersHandler:237] - Message Handler: Adding metadata to resolution criteria for signing/digest algorithms 2021-05-10 14:51:55,850 - 118.179.84.52 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:108] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 2021-05-10 14:51:55,850 - 118.179.84.52 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:189] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512 2021-05-10 14:51:55,850 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.impl.PopulateSignatureSigningParametersHandler:248] - Message Handler: Resolved SignatureSigningParameters 2021-05-10 14:51:55,851 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:296] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (true), attributes(false) 2021-05-10 14:51:55,851 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:306] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request 2021-05-10 14:51:55,851 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:371] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria 2021-05-10 14:51:55,851 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:382] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria 2021-05-10 14:51:55,851 - 118.179.84.52 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:260] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION. Effective entityID was: https://testappsaml.gluu.org/shibboleth 2021-05-10 14:51:55,851 - 118.179.84.52 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:352] - Resolved cached credentials from KeyDescriptor object metadata 2021-05-10 14:51:55,852 - 118.179.84.52 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:388] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm 2021-05-10 14:51:55,852 - 118.179.84.52 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:342] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep 2021-05-10 14:51:55,852 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:322] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters 2021-05-10 14:51:55,854 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.session.impl.AddLogoutRequest:249] - Profile Action AddLogoutRequest: Setting Issuer to https://test318.gluu.org/idp/shibboleth 2021-05-10 14:51:55,858 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.profile.impl.EncryptNameIDs:202] - Profile Action EncryptNameIDs: NameID before encryption: <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://test318.gluu.org/idp/shibboleth" SPNameQualifier="https://testappsaml.gluu.org/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxSft+PP7SU6HvbGXe0vikWXIrSgB6JfABzIUUdEoHzDLhqnGeK9LiK24H2fmruhqFZDiGCzIntcmvoJngGED7gRY402o6cCn3pYFmXEdasK2GNL/WRuZfZv1lOxEpsrk9Xyp7viPOvAyNujE=</saml2:NameID> 2021-05-10 14:51:55,858 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.profile.impl.EncryptNameIDs:252] - Profile Action EncryptNameIDs: Encrypting NameID in LogoutRequest 2021-05-10 14:51:55,858 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.encryption.Encrypter:329] - NameID before encryption: <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://test318.gluu.org/idp/shibboleth" SPNameQualifier="https://testappsaml.gluu.org/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxSft+PP7SU6HvbGXe0vikWXIrSgB6JfABzIUUdEoHzDLhqnGeK9LiK24H2fmruhqFZDiGCzIntcmvoJngGED7gRY402o6cCn3pYFmXEdasK2GNL/WRuZfZv1lOxEpsrk9Xyp7viPOvAyNujE=</saml2:NameID> 2021-05-10 14:51:55,861 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.encryption.Encrypter:442] - Placing EncryptedKey elements inline inside EncryptedData 2021-05-10 14:51:55,862 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:179] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.messaging.handler.impl.BasicMessageHandlerChain' on OUTBOUND message context 2021-05-10 14:51:55,863 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutRequestImpl' 2021-05-10 14:51:55,863 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:62] - Adding destination to outbound SAML 2 protocol message: https://testappsaml.gluu.org/Shibboleth.sso/SLO/Redirect 2021-05-10 14:51:55,863 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:52] - Message Handler: Checking outbound endpoint for allowed URL scheme: https://testappsaml.gluu.org/Shibboleth.sso/SLO/Redirect 2021-05-10 14:51:55,863 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.profile.impl.SpringAwareMessageEncoderFactory:100] - Looking up message encoder based on binding URI: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect 2021-05-10 14:51:55,867 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder:135] - Deflating and Base64 encoding SAML message 2021-05-10 14:51:55,869 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder:167] - Building URL to redirect client to 2021-05-10 14:51:55,869 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder:279] - Generating signature with key type 'RSA', algorithm URI 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512' over query string 'SAMLRequest=xVdXj6PoEn33r2j1Ploz5NSa6RUZbIMBAwa%2FrAgfyeRgbP%2F6S3dP6Nl0d1a6ui82lOqcqjr1BerTr9eqfLiAfsib%2BvMj8hF%2BfAB11MR5nX5%2BdGzpA%2F346%2FPq0xBUJdo%2B7Zq0mUYLdBMYxgdh%2BcnrYHyFZuPYDk8QNC7GoG1fAB%2FTcpo%2BNn0KHbI8DJsSjNnHYWigw24PWSDOexCNjw%2Bq8Pnxt4DEKQyhSBARIAppJImQBIkTlMZgEiMYenEbhgmo9cJej58fURhFPsDEBwS2EfyJQJ4I4iNN4KfHB%2FdrMehLMUt59fD0lv7nx6mvn5pgyIenOqjA8DRGTwdW2z0trk9t34xN1JSPz2%2FVPr0G7N8z%2FD1BMAygfxHj8fm9GBhCfxcij1to%2BCbGJ%2Bh9pK9xxTrqb%2B0IYlX4V8E%2FXZcOfmcRgjF4UONFY4SEg0VnJkxAgKM0EsA4jFMAZyiYoKkAf3ywby14a%2BWS%2FDzPH2fsNW0UhhEIxqElnYX7F7EEFajHr%2Bq%2BxPsHqN9ltuSqLRo08QNbpk2fj1n1FyTMFwYE%2BSUAA4LSH9Ko%2Btng0POneHjagptaJ80XbDz8BRKG3oLGQ57%2B8gdFF5I3QUk8RAIGDgCSwEwYwgERxQkDhwiDUUGSYI8PFojyNgcvK%2FZvN8j3NfF%2FELUfgg9NANqfD70oKuTpUtA%2FDPqDrkMWII8%2F1wnorVoEedJk6WdKrNIEeR%2FvjeW%2F414iQn8q8Pvl9PrsETDzste%2BvfAvGzLJo2AEz5qqClnB82yF87wp9AfXOsiMcAgEVufSc5edc5mZYY41B4kVeC4TxJ3GnmUWcUQu03jX1a78nd1wqe6uODbV2NLyNZOeBdMXXNNUBPbExZ4OB0f8Ktjs7sWRYxuNE%2BMh9pxvYI4dFt7S0Sx4lmdfWC1gQeAs%2BLSAfY%2BbI1QaQ56oQ8VFdhVzO93FSOMamT908kENMcEUN6zl66AqixDm3vmxYCXN8E0TWFgrxOveVm%2BaLQWvNvtHm6bKomYOM%2F%2BWvSzOG9e5fy%2BZZ2d%2B5UrpVbi%2F6POS9pLEWUIizGrDQtQ1dnhzTGfRQq9IbL8DzzN%2FcM2rYrPhG1bTVpJilQs4ixTu7h%2BRYVe96jKF2KbWrHmWU3%2BzbU5qdol01jxzUoqQwVG%2FmPI7P1Xl1ILVVz92TJRYds%2BzJs2%2BOPDpdnkW2TkmhLat9uZlozBRQUCkWnbwfdCYnYKuS5I77Tzjfh9Xo0bvp564HddlRRLHaDNKqHvenmfEYY6w5GjV9uhNJBsfqoRee5CYQyqeThlDTeEZlROvye8kpFYhQwer%2FCpZG0FERq4LojzrII3OyMEJpBOnb3uSGzzcIKiIxyzTu%2Fg7rkpZnPXWt7ZQmLXR8HIBJdkoQZMgi6up3c9SnSel1raeY%2Fi1l3DuPt3d60awLr0OlWQ5dWhVapC1xcDsYC606YRjxJBFRPPXs%2BJQSttCsySNq8utvtxp5LofKRcTlOSWSqxFtF3vr2s0kwK6uS5baQMRFgP1lotoF00GDfCoaCy9gaANYs2HKRACUxVWrMlyGgu%2FX5QcPzssi6tLQ9iLH2tmBZmFxhu%2BHQp0TGp4p8hmo7PSJKhYqStbWZiwDNOpFanitWeLhqQS5Sh7ioSq2JlAagK2RduiM9F2BK0w9s6hZgmHdE2KAbs0ksJtFjtyAxnMGKg81AlSCK26HQtmUUsdUGUcYm8uGtO1HJvtBg4rvFPZcWrKeubmMEmbOSqwPqbww5hv8FbXZH%2FQ7zZ3lLZccB6zebXjbiMRjrMYHxqOc4OBlISpNAKlWZuhWfM7xddSMV3%2BvRKVei42sPSSxGbsNSXU61sOIWYwct7O8K%2Brw8xclENeYbc7dseF8nBQ%2BpIvgy5qzS5EoCPWzMFxJEoLaaT21JZDUmfq2GLqbn9zs0uHuPEn6E%2FOtm%2FGt9MPen8uvh6dfN5moH%2F9DvlXd9sb3g3KCTxP8njHg3vjW3NCl96WdOyR1Y5ImablbYOLp31pBczVkPWx6mBH8yuY1ka5P84qJEzemPiGccLGvrim8OCZCNfTd47cwr6hVtzNWG8lTqRpP6Du%2BKVM67l0Q%2Fy6EVVrhERgij0zkYGDpBBS3YYYyErbqZykM%2FjOp4Sy0G81oI%2BLk7D0qROEHX3aKNhZ2J396WQciryo9Xluqo1%2BRsi5GAYu4stQUjF%2Bf5A9jTyIPUWfY6wb10cDkEVMMwNLI3v2OLm0bth0FIM5Tx1nDWmxHZ1C00VzHctNStFummWwY02JF6m532gTjwhktNi03pc2hWH0dMyC%2FMq1PD%2Bj9ybzNWZzuO43xGiZ8%2BfPX26591L%2FYPrS2z98CP2v%2B00EXM7e%2BAa949NeDzPYqZ2ioKbZHiXxnDP1Bc07o9obp%2BOkcPaaBbpIytQNj%2B7WNiz5erv2idIMT3G2zrdD5o7IyJS3Or3cunNEAduROa2TriSkbAJ%2Bkg0LJqxECModkd6u7LnZJETLFYfgEpp3c%2B3xeKzCDVgGGP6E2fBpzPlSdIMzmhHqrlIbXFQIa2jO7Mzthb14q3jAVoo4C%2Fxu6Gkev54dvDUy0qeF5nTrc9aIC4xWWuJq5Agi2ztHlkUpnmXE1tVqm3jKDlUPPIN1J%2F%2B69%2Fnr0vOgs62gMdZn1ZUYC%2BVQBFg%2BEELjFFOhUMJHq5%2BLMJJ51Gjb5drk9roRyd6BwqKzpi9jFqAAyGZeVZyqguyTT%2FgWQg13dXsVpatZ8hGkYi1ZceGFjrttmgm3YSdIhF11VAAczZjblINat4iicRFjvOkSWG8FXKL0qjoyoBhRZu16UKNVmyOinj3zrsTmhQWqbrvbwZM0Pl7j54KPUqximGkAhJE0TuVWTH7MEoIDQVn0imKQmGkcT71vRpMdXMraOkrGLNT4sm82iO6aGr2p0Q7bBcvBteg%2FKHuoD5LzmjjdPcpt1geKTwty6Ovj4T40%2F26NfzH%2BYTR7%2FjoTH8DwMm%2BqdQyuz78BsExUMB6TMBqGFEUkGBJRMEmQGJ0gDA2%2BMP0O9s36w4D9%2FB8%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha512' 2021-05-10 14:51:55,876 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder:287] - Generated digital signature value (base64-encoded) GmR5vxeQoYLnzMzABL9BPATAniEq0FbS+FqBOpMcDTv6uG5RvjUDu2ZTuIrFt+ZgUn8zR33sW4Mtj/JfIA6epCSE7bYDKNQw9BPm2grwSZcmEiLP0VZ45N3dECqABEWn86nFbrfZE/xZEjLuX24pRb/mdbM1SsNNp2YRuWj17UCIJd9BTogVYv+k1qFnP3WcymjK1YsDTMS/2Aok0qOhemYOJ1ON9/BDLkHhvr5UE9VL81ymwFjj/tMFIJxljwarwcPCVcqoGOG2ngDwhzxI/V/nA4XG8jbhJU1cTXbSbz3qpnJs2L80eB2xj7RxJerYpkRIBpr5Wf4aCzhBA3Bw0Q== 2021-05-10 14:51:55,879 - 118.179.84.52 - DEBUG [PROTOCOL_MESSAGE:70] - <saml2p:LogoutRequest Destination="https://testappsaml.gluu.org/Shibboleth.sso/SLO/Redirect" ID="_a6473176ec5ecb81fc1f1df283063598" IssueInstant="2021-05-10T14:51:55.854Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://test318.gluu.org/idp/shibboleth</saml2:Issuer> <saml2:EncryptedID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> <xenc:EncryptedData Id="_160aa649bfea4281a04047e4970587a4" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey Id="_64b1a90ae1f09bb0a5cdf90b1937aff3" Recipient="https://testappsaml.gluu.org/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <xenc11:MGF Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/> </xenc:EncryptionMethod> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIDhjCCAm4CCQDrSVRSG9DSaDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCVVMxCzAJBgNV BAgMAlRYMQ8wDQYDVQQHDAZBdXN0aW4xDTALBgNVBAoMBEdsdXUxCzAJBgNVBAsMAklUMR0wGwYD VQQDDBR0ZXN0YXBwc2FtbC5nbHV1Lm9yZzEcMBoGCSqGSIb3DQEJARYNemljb0BnbHV1Lm9yZzAe Fw0yMDA0MjExOTIyMTFaFw0yMTA0MjExOTIyMTFaMIGEMQswCQYDVQQGEwJVUzELMAkGA1UECAwC VFgxDzANBgNVBAcMBkF1c3RpbjENMAsGA1UECgwER2x1dTELMAkGA1UECwwCSVQxHTAbBgNVBAMM FHRlc3RhcHBzYW1sLmdsdXUub3JnMRwwGgYJKoZIhvcNAQkBFg16aWNvQGdsdXUub3JnMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwd5DppmOQvJH9cj5/6Ilq0zsM9LH2+l6BZLXPzzt tM8Our5yW+lm65WcJtF2VkKkw1U9W0FUMmKWXu6AdSmf8+X/Ei/I4guh97ubk2GfXoiz6/Imb98a ixFRJDE1tBqacihq/M8h6sUaFZBNKr6BsX4P57cC3RQXvYLBmgA4AX+ypjH9+PoCGj/fhtF/uDGE upOwFniflMppXUPYnXfBVOgLznoDRvrN/l6luq2mlM/RK3ewU3V/JqDWc96jc8CxkHU7Hpp/wFFt vynvz81xOt7V3DHfygFAR5pqrY+n2hFa8oxInfJ/5R9/rRV1MvMGeoeX7ctlXs58P5+CbgeDaQID AQABMA0GCSqGSIb3DQEBCwUAA4IBAQAvYdMQm/QjMCPYTbD8d6M4qHGQoNAFuDI3lNHKGDu3h3N7 6I4nXTEPFI5ltGXHF2I3k51n50TETR8hETUDMjPOUSnA5U6VQ79eLgcFbKhdUGo/P9taIC/qDFb/ qLAewEMgUemhB1TJvM9qpBAhLsB3jXZlqBIgAXQJSuFJwcj3rd74StiJ4pNMGYsNzTBWFKBakthw LByt5btwEdSoBBVas6FDulPaHo+QbQnCLHYMgEgCLHXl2FrBdP3gvfdQdXol/rNKB15wetBXLPYx Sw9vHSim3yz3z4DlSSHrlClaqcpQqb1/W3owaWt5lR1oFpZplsfnhItp3ILOyVhvq1Vd</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:CipherValue>uGtz4azoYRwf8lXK6UTtAMW1lgglyJ4EZOlRa9xPGNtmq0UMYm08MtGrWwI/DuXtfYPPZ3trjxg0sXQ1Br8zB6K0YPImByP+KFBE88Ya7z4vlgnwlVb4xJEIRt/EeQEr9u6aU1g/1mysdeGHpqIBFN94LY7DljNyne8Wr9uDDulqDDL8ZJH3kDLkYuZPSjijnNwwomJNk16wjssBcClbFI3COSGXM6SEr78kd3qt+WPe6jd89sA81OAWuV8NPT8cdewigUU+/MdTcZbQV2iN3iQ7HMyMRPAtn7EvFozy8Q4c51tRAgnOlT7338uWhaixBpCCw2zohYM9JSxOJ5tRQw==</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> </ds:KeyInfo> <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <xenc:CipherValue>5aBiAyCo2z4uONbh0UnUjj7uwTtFEki9nv2iqPmOPZWuHBT+AeNE6G7y4czRKblCnK+Y5lQbZdh+iKshVt1t9lyngvyqkc7eTUGBMqFx6/HJaCuGPR05RfDalL5gyxAkoJf5pBjSavbQzQ+XC4dI0oeLO/CZ3T0ZtiClEVak2h5ILmIo4EH5RsokAwBODOEymCeAmHEwDCLsr8C4xkU4pPh6Y8DoZyriAPdj38Hp5xPi11GTLUGGEFdwG1TNImKfXHL2ISC93qZYxOYCxZbQaqTRaoP+kIVF9R2B21eRYeDbPZd7bDl0WRrwjbcGC2PppMBkBONPcGXS73ckMN731e7eehwCIHUmm/TZY5YR17szIKxEFxQlCc/I3p6mBbv8dqKghDysLDF5Tmq7aeUMPwpgB/pVjcctI0otyNFe+KD4F7NmmW9ejt29+VX/oMmJW1IkXQzHdQvAeINTVKsXFMCd+4kjCcg3m99use5PfoUmVm9iWhf5BealjrHHP63QPWZrYQcuTavlnRWFPwDn4ssBJ1NVQM8Jn2q3LawaWh5IsHO/rafk+5ZzX7Vo+S7Cgj6srnWSzso=</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </saml2:EncryptedID> <saml2p:SessionIndex>_ee47e04d602bb775f31c7065638f198e</saml2p:SessionIndex> </saml2p:LogoutRequest> 2021-05-10 14:51:55,879 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:89] - Profile Action RecordResponseComplete: Record response complete 2021-05-10 14:51:55,880 - 118.179.84.52 - INFO [Shibboleth-Audit.LogoutPropagation:275] - 20210510T145155Z|||https://testappsaml.gluu.org/shibboleth|http://shibboleth.net/ns/profiles/saml2/logout|https://test318.gluu.org/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_a6473176ec5ecb81fc1f1df283063598||||AAdzZWNyZXQxSft+PP7SU6HvbGXe0vikWXIrSgB6JfABzIUUdEoHzDLhqnGeK9LiK24H2fmruhqFZDiGCzIntcmvoJngGED7gRY402o6cCn3pYFmXEdasK2GNL/WRuZfZv1lOxEpsrk9Xyp7viPOvAyNujE=||true 2021-05-10 14:51:58,401 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:100] - Decoded RelayState: null 2021-05-10 14:51:58,401 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:134] - Base64 decoding and inflating SAML message 2021-05-10 14:51:58,402 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:110] - Decoded SAML message 2021-05-10 14:51:58,402 - 118.179.84.52 - DEBUG [PROTOCOL_MESSAGE:127] - <samlp:LogoutResponse Destination="https://test318.gluu.org/idp/profile/SAML2/Redirect/SLO" ID="_0b5f488f3c5fe466aa2cb2566e8252fd" InResponseTo="_a6473176ec5ecb81fc1f1df283063598" IssueInstant="2021-05-10T14:51:57Z" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://testappsaml.gluu.org/shibboleth</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> </samlp:LogoutResponse> 2021-05-10 14:51:58,403 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler' on INBOUND message context 2021-05-10 14:51:58,403 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,404 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml1.binding.impl.SAML1ArtifactRequestIssuerHandler' on INBOUND message context 2021-05-10 14:51:58,404 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,404 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.SAMLProtocolAndRoleHandler' on INBOUND message context 2021-05-10 14:51:58,404 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,405 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler' on INBOUND message context 2021-05-10 14:51:58,405 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,406 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:184] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Resolved 1 candidates via EntityIdCriterion: EntityIdCriterion [id=https://testappsaml.gluu.org/shibboleth] 2021-05-10 14:51:58,406 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:590] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Attempting to filter candidate EntityDescriptors via resolved Predicates 2021-05-10 14:51:58,406 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:612] - Metadata Resolver FilesystemMetadataResolver SiteSP1: After predicate filtering 1 EntityDescriptors remain 2021-05-10 14:51:58,406 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:266] - Resolved 1 source EntityDescriptors 2021-05-10 14:51:58,406 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:277] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering 2021-05-10 14:51:58,406 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:378] - Attempting to filter candidate RoleDescriptors via resolved Predicates 2021-05-10 14:51:58,407 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:400] - After predicate filtering 1 RoleDescriptors remain 2021-05-10 14:51:58,407 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:145] - Message Handler: org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext 2021-05-10 14:51:58,407 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler' on INBOUND message context 2021-05-10 14:51:58,407 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,407 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:158] - Message Handler: Selecting default AttributeConsumingService, if any 2021-05-10 14:51:58,408 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.support.AttributeConsumingServiceSelector:186] - Resolving AttributeConsumingService candidates from SPSSODescriptor 2021-05-10 14:51:58,408 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.support.AttributeConsumingServiceSelector:141] - AttributeConsumingService candidate list was empty, can not select service 2021-05-10 14:51:58,408 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:167] - Message Handler: No AttributeConsumingService selected 2021-05-10 14:51:58,408 - 118.179.84.52 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:132] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://testappsaml.gluu.org/shibboleth 2021-05-10 14:51:58,408 - 118.179.84.52 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:293] - Resolving relying party configuration 2021-05-10 14:51:58,409 - 118.179.84.52 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:305] - Checking if relying party configuration EntityNames[https://testappsaml.gluu.org/shibboleth,] is applicable 2021-05-10 14:51:58,409 - 118.179.84.52 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:307] - Relying party configuration EntityNames[https://testappsaml.gluu.org/shibboleth,] is applicable 2021-05-10 14:51:58,409 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.SelectRelyingPartyConfiguration:136] - Profile Action SelectRelyingPartyConfiguration: Found relying party configuration EntityNames[https://testappsaml.gluu.org/shibboleth,] for request 2021-05-10 14:51:58,410 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.PopulateProfileInterceptorContext:126] - Profile Action PopulateProfileInterceptorContext: Installing flow intercept/security-policy/saml2-slo into interceptor context 2021-05-10 14:51:58,411 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:52] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do 2021-05-10 14:51:58,411 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:101] - Profile Action SelectProfileInterceptorFlow: Checking flow intercept/security-policy/saml2-slo for applicability... 2021-05-10 14:51:58,411 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:84] - Profile Action SelectProfileInterceptorFlow: Selecting flow intercept/security-policy/saml2-slo 2021-05-10 14:51:58,412 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler' on INBOUND message context 2021-05-10 14:51:58,412 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,412 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:157] - Message Handler: Checking SAML message intended destination endpoint against receiver endpoint 2021-05-10 14:51:58,413 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:190] - Message Handler: Intended message destination endpoint: https://test318.gluu.org/idp/profile/SAML2/Redirect/SLO 2021-05-10 14:51:58,413 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:191] - Message Handler: Actual message receiver endpoint: https://test318.gluu.org/idp/profile/SAML2/Redirect/SLO 2021-05-10 14:51:58,413 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:204] - Message Handler: SAML message intended destination endpoint matched recipient endpoint 2021-05-10 14:51:58,414 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler' on INBOUND message context 2021-05-10 14:51:58,414 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,414 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:152] - Message Handler: Evaluating message replay for message ID '_0b5f488f3c5fe466aa2cb2566e8252fd', issue instant '2021-05-10T14:51:57.000Z', entityID 'https://testappsaml.gluu.org/shibboleth' 2021-05-10 14:51:58,414 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler' on INBOUND message context 2021-05-10 14:51:58,415 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,416 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler' on INBOUND message context 2021-05-10 14:51:58,416 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,416 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:103] - Message Handler: SAML protocol message was not signed, skipping XML signature processing 2021-05-10 14:51:58,416 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler' on INBOUND message context 2021-05-10 14:51:58,417 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,417 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:149] - Message Handler: Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler 2021-05-10 14:51:58,417 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:59] - Constructing signed content string from URL query string SAMLResponse=fZFBa8MwDIX%2FSvC9dezEaWaawFgvhY5BU3rYZTiO3AZS20Q27OcvaRntYPQoS5%2Fe0%2FMa1WXwcudOLoY9oHcWIfm%2BDBbltVWROFrpFPYorboAyqBl8%2Fq%2Bk3yZSj%2B64LQbSLIBDL1VoXe2IucQPEpKw%2FSYsXJ5GmJcuvFE%2B87TiTH9AHRewukeun4EHWiz%2ByDJdlORr7QVJi9Lk2lhIC8KpbhuuSgKKLngppvG7K%2FVg5sAVeSrjK0K0AJ0WzKjmWGd4WWWFpl4KScAMcLWYlA2VISnnC1SsWDpgeVSMClWnyQ5wohX99NhpF7P18srNz7k8TwOhQjjHAGpHyNQ3s%2FsPQY8923rBgjnNX3QuYl62QQVIv6t3lwHyVENEZ5bwOu0bKLWgEhofVO4L6X%2F%2FXj9Aw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=SE2sEm37zMJrb2fTNYZq1Rv1IC6ZyxnS5tJ%2BnuOsR3oz%2FAg5RWQUblV5qZA4BXriFP9qFkka3fetGrF7tse1oPiEm0yah5%2Bx%2FXQn2tYXBPtXHrXFWVquj9VSg3Yz8y7Rs2h0yvHU223a2WLNtAvkCu5GsI5a%2FTQMDGMh%2BLqEPyzkjyye3%2Be6TtyRtFfL1q6Ubh%2FGTkdL0yrIf7sezG2xGL00RmvkNnUvjbgKWLz0%2FAYppX663si4L8LeWyG%2FCNok2kODi3SqLxWUVnWnH3PfPXALWXyETt36DMol8dvLb784tP4zL29DzjgM1pAYmTXKre0Wy%2FMtPeVZ0DhHcNrvLA%3D%3D 2021-05-10 14:51:58,417 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:66] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLResponse=fZFBa8MwDIX%2FSvC9dezEaWaawFgvhY5BU3rYZTiO3AZS20Q27OcvaRntYPQoS5%2Fe0%2FMa1WXwcudOLoY9oHcWIfm%2BDBbltVWROFrpFPYorboAyqBl8%2Fq%2Bk3yZSj%2B64LQbSLIBDL1VoXe2IucQPEpKw%2FSYsXJ5GmJcuvFE%2B87TiTH9AHRewukeun4EHWiz%2ByDJdlORr7QVJi9Lk2lhIC8KpbhuuSgKKLngppvG7K%2FVg5sAVeSrjK0K0AJ0WzKjmWGd4WWWFpl4KScAMcLWYlA2VISnnC1SsWDpgeVSMClWnyQ5wohX99NhpF7P18srNz7k8TwOhQjjHAGpHyNQ3s%2FsPQY8923rBgjnNX3QuYl62QQVIv6t3lwHyVENEZ5bwOu0bKLWgEhofVO4L6X%2F%2FXj9Aw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256 2021-05-10 14:51:58,418 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:201] - Message Handler: Attempting to validate SAML protocol message simple signature using context entityID: https://testappsaml.gluu.org/shibboleth 2021-05-10 14:51:58,418 - 118.179.84.52 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:287] - Resolving credentials from metadata using entityID: https://testappsaml.gluu.org/shibboleth, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING 2021-05-10 14:51:58,418 - 118.179.84.52 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:437] - Retrieving role descriptor metadata for entity 'https://testappsaml.gluu.org/shibboleth' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol' 2021-05-10 14:51:58,418 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:184] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Resolved 1 candidates via EntityIdCriterion: EntityIdCriterion [id=https://testappsaml.gluu.org/shibboleth] 2021-05-10 14:51:58,418 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:590] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Attempting to filter candidate EntityDescriptors via resolved Predicates 2021-05-10 14:51:58,419 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:612] - Metadata Resolver FilesystemMetadataResolver SiteSP1: After predicate filtering 1 EntityDescriptors remain 2021-05-10 14:51:58,419 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:266] - Resolved 1 source EntityDescriptors 2021-05-10 14:51:58,419 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:277] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering 2021-05-10 14:51:58,419 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:378] - Attempting to filter candidate RoleDescriptors via resolved Predicates 2021-05-10 14:51:58,419 - 118.179.84.52 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:400] - After predicate filtering 1 RoleDescriptors remain 2021-05-10 14:51:58,420 - 118.179.84.52 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:352] - Resolved cached credentials from KeyDescriptor object metadata 2021-05-10 14:51:58,420 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:273] - Message Handler: Simple signature validation (with no request-derived credentials) was successful 2021-05-10 14:51:58,420 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:205] - Message Handler: Validation of request simple signature succeeded 2021-05-10 14:51:58,421 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:207] - Message Handler: Authentication via request simple signature succeeded for context issuer entity ID https://testappsaml.gluu.org/shibboleth 2021-05-10 14:51:58,421 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler' on INBOUND message context 2021-05-10 14:51:58,421 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,422 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:149] - Message Handler: Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler 2021-05-10 14:51:58,422 - 118.179.84.52 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:152] - Message Handler: Handler can not handle this request, skipping 2021-05-10 14:51:58,422 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.messaging.handler.impl.CheckMandatoryIssuer' on INBOUND message context 2021-05-10 14:51:58,422 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,423 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.messaging.handler.impl.CheckMandatoryAuthentication' on INBOUND message context 2021-05-10 14:51:58,423 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,424 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler' on INBOUND message context 2021-05-10 14:51:58,424 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.LogoutResponseImpl' 2021-05-10 14:51:58,424 - 118.179.84.52 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:80] - Message Handler: Message did not contain any ChannelBindings extensions 2021-05-10 14:51:58,424 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.WriteProfileInterceptorResultToStorage:68] - Profile Action WriteProfileInterceptorResultToStorage: No results available from interceptor context, nothing to store 2021-05-10 14:51:58,424 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:52] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do 2021-05-10 14:51:58,425 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:65] - Profile Action SelectProfileInterceptorFlow: Moving completed flow intercept/security-policy/saml2-slo to completed set, selecting next one 2021-05-10 14:51:58,425 - 118.179.84.52 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:80] - Profile Action SelectProfileInterceptorFlow: No flows available to choose from 2021-05-10 14:51:58,426 - 118.179.84.52 - INFO [Shibboleth-Audit.Logout:275] - 20210510T145158Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_0b5f488f3c5fe466aa2cb2566e8252fd|https://testappsaml.gluu.org/shibboleth|http://shibboleth.net/ns/profiles/saml2/logout|https://test318.gluu.org/idp/shibboleth|||||||| ``` - SP: ``` 2021-05-10 14:51:57 INFO Shibboleth.SessionCache [4] [default]: request to logout sessions from (https://test318.gluu.org/idp/shibboleth) for (AAdzZWNyZXQxSft+PP7SU6HvbGXe0vikWXIrSgB6JfABzIUUdEoHzDLhqnGeK9LiK24H2fmruhqFZDiGCzIntcmvoJngGED7gRY402o6cCn3pYFmXEdasK2GNL/WRuZfZv1lOxEpsrk9Xyp7viPOvAyNujE=) 2021-05-10 14:51:57 INFO Shibboleth.SessionCache [4] [default]: removed session (_b93fcc1d6591c95110d78c688b695683) ```

Post an answer