A logout response was unexpectedly received.

Hi,

We are facing an intermittent error ‘A logout response was unexpectedly received’ when a user logs out of the application. We are able to initiate the SLO using the SAMLServiceProvider.InitiateSLO method, but this error is thrown in SAMLServiceProvider.ReceiveSLO. We do not clear or abandon the ASP.NET session until after calling SAMLServiceProvider.ReceiveSLO.

I have provided the logout code and the SLOService code. Please let me know if you need any additional information.

Logout code
----------------------------------------------------------------------
public ActionResult Logout()
{
    // Remove the forms authentication ticket.
    FormsAuthentication.SignOut();

    string partnerIdP = WebConfigurationManager.AppSettings["PARTNER_IDP"];
    if (SAMLServiceProvider.IsSSO())
    {
        // SAML SSO session exists: start single logout with the partner IdP.
        SAMLServiceProvider.InitiateSLO(Response, string.Empty, partnerIdP);
        return new EmptyResult();
    }
    else
    {
        // No SAML SSO session: log out locally only.
        Session.Abandon();
        return Redirect("~/");
    }
}

---------------------------------- End ----------------------------



SLOService code
----------------------------------------------------------------------
public ActionResult SLOService()
{
    bool isRequest = false;
    string logoutReason = null;
    string partnerSP = null;

    // Receive the single logout message (request or response).
    SAMLServiceProvider.ReceiveSLO(Request, out isRequest, out logoutReason, out partnerSP, out string relayState);

    if (isRequest)
    {
        // Logout request: log out locally, then send the logout response.
        FormsAuthentication.SignOut();
        Session.Abandon();
        SAMLServiceProvider.SendSLO(Response, null);
    }
    else
    {
        // Logout response: finish the local logout.
        Session.Abandon();
        FormsAuthentication.RedirectToLoginPage();
    }
    return new EmptyResult();
}


---------------------------------- End ----------------------------


Thanks,
Niyas

Hi Niyas,

The SAML session state may be lost as a result of the SameSite=None cookie changes to Chrome. For more information, please refer to:

https://www.componentspace.com/Forums/10511/SAML-Cookie-SameSite-Mode-None

The intermittency may be based on what browser users are using. If possible, try seeing if you can reproduce the issue using the latest release of Chrome (version 80).

If you can reproduce the issue, please enable SAML trace and send the generated log file to support@componentspace.com.

https://www.componentspace.com/Forums/17/Enabing-SAML-Trace

Be sure to capture both the successful SSO and the failing SLO.
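
To illustrate the reply above, the following added example (not part of the original thread and not ComponentSpace code) is a simplified model of which cookies Chrome 80 attaches when the IdP delivers the logout response to the SLOService endpoint. It assumes the SAML session state is keyed by the `ASP.NET_SessionId` cookie and that the endpoint is HTTPS; the cookie jars and timings are constructed, and the two-minute "Lax + POST" allowance is Chrome's temporary behaviour for cookies that carry no SameSite attribute.

```javascript
// Simplified model of Chrome 80 SameSite handling (added illustration, not
// ComponentSpace code). Cookie names and timings below are constructed.
const LAX_POST_WINDOW_MS = 2 * 60 * 1000; // Chrome's temporary "Lax + POST" allowance

// Returns the names of the cookies the browser attaches to a request.
// request: { crossSite, method, topLevel, secure, now }
function cookiesSent(jar, request) {
  return jar.filter((c) => {
    const mode = (c.sameSite || 'unset').toLowerCase();
    if (c.secure && !request.secure) return false;
    if (mode === 'none' && !c.secure) return false; // rejected: None requires Secure
    if (!request.crossSite || mode === 'none') return true;
    if (mode === 'strict') return false;
    // Lax, or unset (treated as Lax): only top-level navigations with safe methods.
    if (!request.topLevel) return false;
    if (request.method === 'GET') return true;
    // Unset cookies younger than two minutes are still sent on top-level POSTs.
    return mode === 'unset' && request.method === 'POST' &&
      request.now - c.createdAt < LAX_POST_WINDOW_MS;
  }).map((c) => c.name);
}

// Constructed jars: a session cookie without SameSite, and one marked None; Secure.
const legacyJar = [{ name: 'ASP.NET_SessionId', secure: true, createdAt: 0 }];
const fixedJar = [{ name: 'ASP.NET_SessionId', secure: true, sameSite: 'None', createdAt: 0 }];

// The IdP returns the logout response via HTTP-POST or HTTP-Redirect (assumed HTTPS).
const sloPost = (now) => ({ crossSite: true, method: 'POST', topLevel: true, secure: true, now });
const sloRedirect = (now) => ({ crossSite: true, method: 'GET', topLevel: true, secure: true, now });

function demo() {
  return {
    legacyPostQuickLogout: cookiesSent(legacyJar, sloPost(30 * 1000)),
    legacyPostLateLogout: cookiesSent(legacyJar, sloPost(10 * 60 * 1000)),
    legacyRedirect: cookiesSent(legacyJar, sloRedirect(10 * 60 * 1000)),
    fixedPostLateLogout: cookiesSent(fixedJar, sloPost(10 * 60 * 1000)),
  };
}
console.log(demo());
```

In this model the unmarked cookie reaches SLOService only when the POST arrives within two minutes of the cookie being set or when the response comes back as a GET redirect, which is one way the failure can look intermittent.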


Hi,

We are able to replicate this issue. Here are the steps to replicate it:
1. Log in to the application.
2. Log out and log back in to the application.

We are using ComponentSpace version 3.1.0.0 and we have applied the changes needed for the Chrome SameSite=None cookie changes.
Note: We started facing this error after adding the relay state URL in SAMLServiceProvider.InitiateSSO(Response, returnUrl, partnerIdP);

We have sent the SAML event log to support@componentspace.com. Could you please check and let me know if you need additional information?

Thanks,
Niyas

Thanks for the log file. I’ve replied to your email.