ComponentSpace

Forums



SP initiated single logout - "Unable to verify the signature"


SP initiated single logout - "Unable to verify the signature"

Author
Message
robert
robert
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Forum Members
Posts: 5, Visits: 22
We have recently implemented single logout though running into an issue with the upstream IdP not being able to verify the signature of the logout request - no errors, just can't verify.  Everything seems to be functioning fine in our auth server (SP).

We are using licensed component space 2.5.0

Any suggestions to troubleshoot?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Are you supporting SP-initiated SSO and signing the SAML authn request?
I'm just wondering whether the issue is somehow specific to the logout.
The most common issue is that the partner provider is configured with the wrong certificate.
Please confirm that you've supplied them with the correct certificate.
If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace
We can check everything looks ok from your side but you'll probably need to ask the IdP to check their configuration etc as well.
 

Regards
ComponentSpace Development
robert
robert
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Forum Members
Posts: 5, Visits: 22
ComponentSpace - 11/25/2019
Are you supporting SP-initiated SSO and signing the SAML authn request?
I'm just wondering whether the issue is somehow specific to the logout.
The most common issue is that the partner provider is configured with the wrong certificate.
Please confirm that you've supplied them with the correct certificate.
If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace
We can check everything looks ok from your side but you'll probably need to ask the IdP to check their configuration etc as well.
 

Thanks for your response.  We are supporting SP initiated SSO and signing SAML AuthN requests with no issue... I am a bit perplexed as it seems specific to the logout process. 

I have requested a follow up regarding RP configuration, but wanted to double check here as well in case I may have overlooked during implementation.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
I guess the other thing is to confirm with the IdP whether they're checking the signature on the authn request.
If they are then it's very strange that they can verify the signature on the authn request but not the logout request.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search