LogoutRequest can't be processed correctly
I use OpenSAML to send a LogoutRequest to ADFS, but ADFS doesn't give me a LogoutResponse back.
This is the LogoutRequest I send:

```xml
<saml2p:LogoutRequest Destination="https://saml-1.adfs.com/adfs/ls/" ID="_ab079f61f23cf2bdaf0015049ecf2071"
                      IssueInstant="2023-09-13T09:42:37.100Z" Reason="urn:oasis:names:tc:SAML:2.0:logout:user"
                      Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">10.240.211.236</saml2:Issuer>
  <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">[email protected]</saml2:NameID>
  <saml2p:SessionIndex>_18debb21-ee26-42fd-b454-b86fc0cbb597</saml2p:SessionIndex>
</saml2p:LogoutRequest>
```
And this is my code for sending the LogoutRequest; I use OpenSAML 3.4.6 for implementing the SSO features:
```java
import javax.servlet.http.HttpServletResponse;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.signature.support.SignatureConstants;

private void redirectUserWithRequest(HttpServletResponse httpServletResponse, LogoutRequest logoutRequest) throws Exception {
    MessageContext context = new MessageContext();
    context.setMessage(logoutRequest);

    // Tell the encoder which IdP endpoint (the ADFS /adfs/ls/ URL) the browser is redirected to
    SAMLPeerEntityContext peerEntityContext = context.getSubcontext(SAMLPeerEntityContext.class, true);
    SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
    endpointContext.setEndpoint(getIPDEndpoint());

    // Signing parameters: with the HTTP-Redirect binding the encoder signs the query string
    // (SAMLRequest, RelayState, SigAlg) with the SP credential, not the XML document itself
    SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
    signatureSigningParameters.setSigningCredential(SpCredentialsProvider.getSigningCredential());
    signatureSigningParameters.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
    context.getSubcontext(SecurityParametersContext.class, true).setSignatureSigningParameters(signatureSigningParameters);

    // DEFLATE + base64 + URL-encode the request, sign the query string and send the redirect
    HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
    encoder.setMessageContext(context);
    encoder.setHttpServletResponse(httpServletResponse);
    encoder.initialize();
    encoder.encode();
}
```
Would you mind helping me check why it doesn't work? Thank you very much; there's very little information about OpenSAML logout on the Internet.
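Before going to the ADFS logs, it helps to decode what the encoder actually put on the wire. The following Python is an added example, not OpenSAML code or code from this thread: it rebuilds the HTTP-Redirect binding's raw-DEFLATE plus base64 encoding, decodes a redirect URL and checks the Destination, Issuer, NameID, SessionIndex and the presence of SigAlg and Signature, which is what ADFS evaluates before it will answer with a LogoutResponse. The sample request is modelled on the one above; the NameID placeholder and the dummy Signature value are constructed here.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

P = "{urn:oasis:names:tc:SAML:2.0:protocol}"
A = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def encode_redirect(xml_text):
    # HTTP-Redirect binding: raw DEFLATE (wbits=-15, no zlib header), then base64.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()
def decode_redirect(param):
    # Inverse of encode_redirect: base64-decode, then inflate the raw DEFLATE stream.
    return zlib.decompress(base64.b64decode(param), -15).decode()
def signed_string(q):
    # Octets the redirect signature covers (SAML 2.0 Bindings 3.4.4.1), in exactly this order.
    return "&".join(f"{k}={quote(q[k], safe='')}" for k in ("SAMLRequest", "RelayState", "SigAlg") if k in q)

def inspect_logout_redirect(url, expected_endpoint, expected_issuer):
    # Decode the redirect URL the encoder sends the browser to and report what ADFS will see:
    # Destination must be the endpoint actually used, Issuer an identifier ADFS knows the SP by.
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    root = ET.fromstring(decode_redirect(q["SAMLRequest"]))
    report = {
        "is_logout_request": root.tag == P + "LogoutRequest",
        "destination_ok": root.get("Destination") == expected_endpoint
                          == f"{parts.scheme}://{parts.netloc}{parts.path}",
        "issuer_ok": root.findtext(A + "Issuer", "").strip() == expected_issuer,
        "has_name_id": bool(root.findtext(A + "NameID", "").strip()),
        "has_session_index": bool(root.findtext(P + "SessionIndex", "").strip()),
        "query_signed": "SigAlg" in q and "Signature" in q,
        "signed_string": signed_string(q),
    }
    report["ok"] = all(v for k, v in report.items() if k != "signed_string")
    return report

# Constructed sample modelled on the question's LogoutRequest; the NameID is a placeholder
# and the Signature below is a dummy value, not a real RSA-SHA256 signature.
SAMPLE_REQUEST = (
    '<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_ab079f61f23cf2bdaf0015049ecf2071" '
    'Destination="https://saml-1.adfs.com/adfs/ls/" IssueInstant="2023-09-13T09:42:37.100Z">'
    '<saml2:Issuer>10.240.211.236</saml2:Issuer><saml2:NameID>user@example.invalid</saml2:NameID>'
    '<saml2p:SessionIndex>_18debb21-ee26-42fd-b454-b86fc0cbb597</saml2p:SessionIndex></saml2p:LogoutRequest>')

def build_sample_url():
    q = {"SAMLRequest": encode_redirect(SAMPLE_REQUEST), "Signature": base64.b64encode(b"dummy").decode(),
         "SigAlg": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}
    return "https://saml-1.adfs.com/adfs/ls/?" + "&".join(f"{k}={quote(v, safe='')}" for k, v in q.items())
```

Paste the Location header your servlet emits into `inspect_logout_redirect` with the endpoint and the relying party identifier configured in ADFS; any `False` in the report is something ADFS will reject silently or log as an error.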
Hard to say, you would have to look into the logs of ADFS to get more detail. OpenSAML is not well documented, I agree. If you want you can grab one of my books that might give some more insight:

- A Guide to OpenSAML V3 - https://shop.samlsecurity.com/b/41Tw
- SAML 2.0: Designing secure identity federation - https://shop.samlsecurity.com/b/fGWSH
I judge this as being a problem with the setup of ADFS in combination with the way you use OpenSAML, not a problem with this sample code.