ComponentSpace

Forums



LogoutResponse StatusCode of AuthnFailed using InitiateSloAsync


LogoutResponse StatusCode of AuthnFailed using InitiateSloAsync

Author
Message
mikesu
mikesu
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 5
Hi,

Using Version 2.0.2.0, I am implementing an SP Initiated SLO using the example solution as a template. The logout response that I receive from the IdP (Okta) is indicating AuthnFailed. Am I supposed to be providing a signature with the LogoutRequest? If so, I don't see anything in the API that allows me to do so. InitiateSsoAsync seems to sign the AuthnRequest, whereas InitiateSloAsync does not sign the LogoutRequest. This is despite the fact that I have WantAssertionOrResponseSigned set to true in the SAML Configurations. Is there a way for me to sign the LogoutRequest that gets sent via InitiateSloAsync? Otherwise, is there anything else I should be looking at to figure out why I would get AuthnFailed as part of my LogoutResponse?

Thanks,
Mike


Tags
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)

Group: Administrators
Posts: 2K, Visits: 4.6K
Hi Mike
In your SAML configuration, you set SignLogoutRequest and SignLogoutResponse to true to sign the logout request and response respectively.
For example:

"Name": "http://www.okta.com/exkch8syaa6hDqAJQ0h7",
"Description": "Okta",
"SignAuthnRequest": true,
"SignLogoutRequest": true,
"SignLogoutResponse": true,
"SingleSignOnServiceUrl": "https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_4/exkch8syaa6hDqAJQ0h7/sso/saml",
"SingleLogoutServiceUrl": "https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_4/exkch8syaa6hDqAJQ0h7/slo/saml",
"PartnerCertificates": [
{
  "FileName": "certificates/okta.cer"
}
]




Regards
ComponentSpace Development
mikesu
mikesu
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 5
ComponentSpace - 3/12/2018
Hi Mike
In your SAML configuration, you set SignLogoutRequest and SignLogoutResponse to true to sign the logout request and response respectively.
For example:

"Name": "http://www.okta.com/exkch8syaa6hDqAJQ0h7",
"Description": "Okta",
"SignAuthnRequest": true,
"SignLogoutRequest": true,
"SignLogoutResponse": true,
"SingleSignOnServiceUrl": "https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_4/exkch8syaa6hDqAJQ0h7/sso/saml",
"SingleLogoutServiceUrl": "https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_4/exkch8syaa6hDqAJQ0h7/slo/saml",
"PartnerCertificates": [
{
  "FileName": "certificates/okta.cer"
}
]



"SignLogoutRequest": true  --> This did the trick. Thank You.

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)ComponentSpace Development (2.8K reputation)

Group: Administrators
Posts: 2K, Visits: 4.6K
Thanks for the update. I'm glad that got it working.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....









ComponentSpace Forums


Search