SAML Single Logout is Not Happening

By: Praveen Srinivasan user 25 Feb 2021 at 5 a.m. CST

2 Responses
Praveen Srinivasan gravatar
Hi Team, Apologies if the question is wrong. When I try to perform GLUU Single Logout using below Link, I am always getting failed response. I have properly configured Trust Relationship with Logout also (under Configure Relying Party). Error I am getting: https://drive.google.com/file/d/1d-jneHSueGrID0zBdLBwE5C6B6Fjx5ZP/view?usp=sharing Logout URL: https://[IDP]/idp/Authn/oxAuth/logout When I hit above URL it is trying to send logout request to the SP as below but it always shows failed. Can you please tell me what kind of response GLUU expecting in order make the logout success? Or did I miss any configuration in GLUU. SAML Logout Request Decoded: ``` <saml2p:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_de5a264ee89c1379fb05a5d11ce1992065fcc77a6e" IssueInstant="2021-02-25T10:05:26Z" Version="2.0" Destination="https://AuthServer/idp/profile/SAML2/Redirect/SLO"> <saml2:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://SPEntityID/</saml:Issuer> <saml2:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">username@example.com</saml:NameID> <saml2p:SessionIndex>_7e088cefdb6a29ff838826859ef1b5ca</samlp:SessionIndex> </saml2p:LogoutRequest> ``` Single Logout Complete Debug Log From IDP (Shibboleth) https://drive.google.com/file/d/1RG0VUbTUoDk9kbNdc8rug4B50dbAynbu/view?usp=sharing
Gluu 4.2.1 Ubuntu 18.04
closed

Answers

By Mobarak Hosen Shakil staff 26 Feb 2021 at 11:32 a.m. CST

Copy
Mobarak Hosen Shakil gravatar
Hi Praveen Srinivasan, Thanks for reaching out at gluu. I see that SLO responsed very well. That's the normal behavior you got. see this link: https://gluu.org/docs/gluu-server/4.2/admin-guide/saml/#saml-single-logout Thanks & Regards ~ Shakil

By Michael Schwartz Account Admin 02 Mar 2021 at 2:42 p.m. CST

Copy
Michael Schwartz gravatar
There are some authentication scripts you may want to look at if logout is not working, especially the "End Session" authentication script and the `endSession` method of the "Application Session" script. There is also a `logout` method of the Person Authentication interception script. Sometimes these interception scripts can help you add extra business logic to clean up sessions in backend systems to effect logout.

Post an answer