Single Logout Over HTTP Not HTTPS

Hi,

I’m having an issue with single log out. Our application is acting as a service provider and I am trying to test single log out. I have set the SingleLogoutServiceUrl in the saml.config file using the full URL (http://…). Our identity provider does not have an SSL certificate set up in their pilot site, so we need to test over http. However, when I call the SAMLServiceProvider.InitiateSLO method, it is redirecting to the SingleLogoutServiceUrl but over https, which is failing as https is not set up on the identity provider. Is there any way to disable https for single log out or force InitiateSLO to use the exact SingleLogoutServiceUrl specified in the saml.config file? The SingleLogoutServiceUrl is set to http but the InitiateSLO method is redirecting to https. The saml.config contents are below; I just omitted the IDP domain.

Thanks,


<?xml version="1.0"?>

<ServiceProvider Name="urn:componentspace:CTUServiceProvider"
    AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService.aspx"
    LocalCertificateFile="C:\SSOCertificates\sso_sp.cer"/>
<PartnerIdentityProvider Name="samlidpdemo"
    SignAuthnRequest="false"
    WantSAMLResponseSigned="false"
    WantAssertionSigned="false"
    WantAssertionEncrypted="false"
    SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    SingleSignOnServiceUrl="http://XXX.com/saml/sso"
    SingleLogoutServiceUrl="http://XXX.com/saml/slo_logout"
    PartnerCertificateFile="C:\SSOCertificates\sso_idp.cer"/>

We don’t enforce the use of HTTPS. Whatever URL you specify in the SAML configuration is what we will use. The identity provider might be causing the redirect to HTTPS. If you trace the HTTP traffic you should be able to confirm this. Assuming this is the case, you would then need to talk to the identity provider about this and they may need to change their configuration so the redirect doesn’t occur.
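
An added example, not part of the original thread or of the ComponentSpace library: once the HTTP traffic has been traced as suggested above, this check walks the recorded redirect chain and reports which party issued the first redirect to https. The host names, the `Logout.aspx` page, the trace format and the assumption that the logout request travels as an HTTP redirect are all constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# SingleLogoutServiceUrl as configured in saml.config (placeholder host).
CONFIGURED_SLO_URL = "http://idp.example.test/saml/slo_logout"

# Constructed trace, not captured from a real system: one entry per HTTP
# response recorded by a proxy or browser network log during InitiateSLO.
SAMPLE_TRACE = [
    {"url": "http://sp.example.test/Logout.aspx", "status": 302,
     "location": "http://idp.example.test/saml/slo_logout?SAMLRequest=abc"},
    {"url": "http://idp.example.test/saml/slo_logout?SAMLRequest=abc",
     "status": 301,
     "location": "https://idp.example.test/saml/slo_logout?SAMLRequest=abc"},
]


def find_https_upgrade(trace, configured_slo_url):
    """Return (hop_index, issuing_host, party) for the first redirect that
    moves the logout flow onto https, or None if no recorded hop does."""
    slo_host = urlsplit(configured_slo_url).hostname
    for index, hop in enumerate(trace):
        location = hop.get("location")
        if not location or not 300 <= hop["status"] < 400:
            continue  # not a redirect response
        src = urlsplit(hop["url"])
        # Location may be relative, so resolve it against the request URL.
        dst = urlsplit(urljoin(hop["url"], location))
        if dst.scheme != "https":
            continue
        # The IdP answered a plain-http request with an https Location.
        if src.hostname == slo_host and src.scheme == "http":
            return index, src.hostname, "identity provider"
        # Another host (the SP) pointed the browser at the IdP over https.
        if dst.hostname == slo_host:
            return index, src.hostname, "service provider"
    return None


if __name__ == "__main__":
    print(find_https_upgrade(SAMPLE_TRACE, CONFIGURED_SLO_URL))
```

A result naming the identity provider means the service provider emitted the configured http URL and the upgrade happened on the partner's side; a result naming the service provider means the https URL was already present in the redirect the application sent.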