Passing RelayState in an SP initiated SLO

Hi there,

I am trying to pass a RelayState in an SP initiated SLO, but cannot find a way to do this using the API.

I am using ComponentSpace.SAML2.SAMLServiceProvider.InitiateSLO(HttpResponse httpResponse, string logoutReason, string partnerIdP);

Using Assembly ComponentSpace.SAML2.dll, v2.5.0.5

Any help, much appreciated :slight_smile:


Hi Alienor
Currently we don’t support sending relay state with SLO messages. We certainly could add this support if required.
May I ask why you wish to use relay state with SLO? There might be a better mechanism for supporting what you are trying to do.

Hi there,
The website I am working on is the IdP.
One of our SPs is using SimpleSAMLphp which appears to require a RelayState for SLO requests.
Not sure how easy this is to get around.
Kind regards

If the SP includes relay state with the logout request then the SAML API automatically includes this with the logout response sent back to the SP. This is not exposed to your application.
If your IdP sends a logout request to the SP then there should be no need to include relay state as this is optional and typically not required.
Let me know if you run into any issues.

Hi there,

Thank you for your response.

The initial problem I was having was resolved, this was for SP initiated SLO, we had the wrong single logout service Url configured.

Now I am having a similar problem with IdP initiated SLO when connecting up to the SP. They are using SimpleSAMLphp which appears to throw an error if the relay state is not present. Very frustrating.
I get “Missing RelayState in logout response” on their system. We are using the HTTP-Redirect binding for logout. Initiating logout with SAMLIdentityProvider.InitiateSLO.
I have had a little look around to see what I can find:
Where you can see the issue on line 48:

Do you have any case studies/examples where the IdP is using the Component Space library and an SP is using the SimpleSAMLphp library?

Kind regards

When you call SAMLIdentityProvider.InitiateSLO a logout request is sent. SimplSAMLphp only checks for relay state if it’s receiving a logout response, not a logout request. From the error message, it sounds like a logout response is being sent. The SAMLIdentityProvider.SendSLO method sends a logout response. Please double check InitiateSLO is being called rather than SendSLO.
If there’s still an issue, please enable SAML trace and send the generated log file to mentioning this topic.