ComponentSpace

Forums



Single Logout Over HTTP Not HTTPS


Single Logout Over HTTP Not HTTPS

Author
Message
AJ
AJ
New Member
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)

Group: Forum Members
Posts: 1, Visits: 8
Hi,

I'm having an issue with single log out. Our application is acting as a service provider and I am trying to test single log out. I have set the SingleLogoutServiceUrl in the saml.config file using the full URL (http://...). Our identity provider does not have an SSL certificate set up in their pilot site so we need to test over http. However, when I call the SAMLServiceProvider.InitiateSLO method it is redirecting to the SingleLogoutServiceUrl but over https which is failing as https is not set up on the identity provider. Is there any way to disable https for single log out or force InitiateSLO to use the exact SingleLogoutServiceUrl specified in the saml.config file? The SingleLogoutServiceUrl is set to http but the InitiateSLO method is redirecting to https. The saml.config contents are below I just omitted the IDP domain.

Thanks,


<?xml version="1.0"?>
<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<ServiceProvider Name="urn:componentspace:CTUServiceProvider"
       AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService.aspx"
       LocalCertificateFile="C:\\SSOCertificates\\sso_sp.cer"/>
<PartnerIdentityProvider Name="samlidpdemo"
         SignAuthnRequest="false"
         WantSAMLResponseSigned="false"
         WantAssertionSigned="false"
         WantAssertionEncrypted="false"
         SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
         SingleSignOnServiceUrl="http://XXX.com/saml/sso"
         SingleLogoutServiceUrl="http://XXX.com/saml/slo_logout"
         PartnerCertificateFile="C:\\SSOCertificates\\sso_idp.cer"/>
</SAMLConfiguration>


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
We don't enforce the use of HTTPS. Whatever URL you specify in the SAML configuration is what we will use. The identity provider might be causing the redirect to HTTPS. If you trace the HTTP traffic you should be able to confirm this. Assuming this is the case, you would then need to talk to the identity provider about this and they may need to change their configuration so the redirect doesn't occur.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search