Problem with SAMLServiceProvider.InitiateSLO

Hi,

We have successfully implemented a service provider with ComponentSpace.SAML2. The Login procedure works well. However, Single-LogOut does not seem to work. There is no exception, no error, and according to the trace, all went well. However, according to the Apache Logs on the Identity Provider’s side, no request is being received. The URLs seem to be correct (a browser connects fine to the URLs copy/pasted from the SAML trace, and these requests are being logged by the IP’s Apache).

I can supply the trace, but haven’t done so right away because it contains a lot of “sensitive” information.

Thank you in advance for any advice,

Chris

In our SAML trace do you see a logout request being sent to the identity provider and then a logout response being received from the identity provider?
If a logout request is being sent but no logout response is being received then this could mean something is not quite right at the identity provider and I would expect something to be logged at their end to indicate a problem.
If the Apache logs aren’t showing the logout request being received, I suggest using something like Fiddler to trace the HTTP traffic to confirm whether the logout request is being sent.
If there’s no logout request in the HTTP trace then make sure in your code that you are not sending any HTML markup, etc., as part of the page on which you are calling our API to initiate logout. If there is a logout request then you’ll need to contact the identity provider again to see where the message could be going missing.
You’re welcome to email the SAML trace to us, redacting sensitive information as required.

I have found the problem. I had my own Response.Redirect() to the login page after the call to InitiateSLO() – a left-over from pre-SAML times, thus breaking the browser redirects between SP and IdP.
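
The HTTP-trace check suggested in the thread can be automated: given the status and `Location` header the logout page actually returned, the sketch below reports whether the browser was sent to the IdP with a SAML logout request or somewhere else, such as a leftover redirect to the login page. This is an added example, not code from the thread or from ComponentSpace; it assumes the HTTP-Redirect binding, and the function names, URLs and sample message are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import urlsplit, parse_qs, quote

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML = 64 * 1024  # cap on inflated size; a logout request is small


def encode_redirect_binding(xml: str) -> str:
    """Raw DEFLATE, base64, then URL-encode, as the HTTP-Redirect binding does."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml.encode()) + comp.flush()
    return quote(base64.b64encode(raw).decode(), safe="")


def classify(status: int, location: Optional[str]) -> str:
    """Say what the browser was actually told to do after the logout page ran."""
    if status not in (301, 302, 303, 307) or not location:
        return "no-redirect"
    params = parse_qs(urlsplit(location).query)
    if "SAMLRequest" not in params:
        # e.g. an application redirect that replaced the SAML one
        return "redirect-without-saml"
    try:
        raw = base64.b64decode(params["SAMLRequest"][0], validate=True)
        xml = zlib.decompressobj(-15).decompress(raw, MAX_XML)
        # Intended for traces from your own SP, not for arbitrary untrusted XML.
        root = ET.fromstring(xml)
    except (ValueError, zlib.error, ET.ParseError):
        return "undecodable-saml"
    if root.tag == "{%s}LogoutRequest" % SAMLP_NS:
        return "logout-request"
    return "other-saml"


# Constructed sample data (not taken from a real trace).
SAMPLE_XML = (
    '<samlp:LogoutRequest xmlns:samlp="%s" ID="_constructed1" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>' % SAMLP_NS
)
GOOD_LOCATION = "https://idp.example.com/slo?SAMLRequest=" + encode_redirect_binding(SAMPLE_XML)
BAD_LOCATION = "/login.aspx"  # what a trailing application redirect would leave behind

if __name__ == "__main__":
    for loc in (GOOD_LOCATION, BAD_LOCATION):
        print(classify(302, loc), "<-", loc[:60])
```
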