I’ve created both an IdentityProvider and a PartnerService locally and I can SSO at the IdentityProvider without any problems but when I try to invoke a SLO I get a “The logout response isn’t signed” error. It used to work perfectly until I recently updated the certificates for both the IdentityProvider and PartnerService. What am I missing here?
Any help is greatly appreciated.
Matthias
Hi Mattias,
This error shouldn’t be related to updating certificates.
It sounds like either the identity provider or service provider expects the SAML logout response to be signed but the other party isn’t signing this message.
In the PartnerIdentityProvider configuration and/or PartnerServiceProvider configuration you can specify that SAML logout messages are to be signed by setting:
“SignLogoutRequest”: true,
“SignLogoutResponse”: true
If there’s still an issue, please enable SAML trace at both the IdP and SP and send the log files as email attachments to support@componentspace.com.
https://www.componentspace.com/forums/7936/Enabling-SAML-Trace