Menu
▾
▴
[Unity-idm-discuss] SLO failing in unity v2.8.2
|
From: Shiraz M. <a....@fz...> - 2019-11-06 12:02:20
|
Hi Krzysztof, I have configured an SP, which is based on shibboleth. I can successfully sign-in but unfortunately I cannot log-out (SLO). Below are the SLO request and response messages from sp and unity respectively, and also the SP configuration in unity. <?xml version="1.0" encoding="UTF-8"?> <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://unity.eudat-aai.fz-juelich.de/saml-idp/SLO-WEB" ID="_56f68d31d948b0ccc241c0efe0697d36" IssueInstant="2019-11-06T11:17:58Z" Version="2.0"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.ggus.eu/EOSC-hub/secure</saml:Issuer> <samlp:Extensions> <aslo:Asynchronous xmlns:aslo="urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo" /> </samlp:Extensions> <saml:EncryptedID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <xenc:EncryptedKey> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" /> <xenc:CipherData> <xenc:CipherValue>S/GMplTHJ2N0vbOVMhyUK8bBTNriupFbp12wwnvUmioEjx5xpBhYGYgEF5IQChVm66GdgIJ8czAk RX1HbwqOGUktGocmR+Fcxq9wn5OSrQ4i/mj4kIF+aqlh8+bir2gua5XLd16DPn61CM3bUv2HWfNK P0IAO3D77ezdJ+DR4jZ5wEfqZE3+OFplfMyzc2s7w4iswSs/cs/3fXJzkSFKGUP32P50izi4HxBg eN7F7knsFHiD8P0b62btMOUQCHHG6LG9U7Esfjwe+uO88wJEmge295FQWRwJHvrbO8O7rEwnDu8+ 1d1/Vnb0OT5lvM0E8sC/LYUKpO62DHjUvVI60BQ2/6NJPVsTjV4CEp77nQK7aR6dmJaVxlFJ2EZw cD3s49RPazXpATvAPLrg/0t2lLFIB/Z5g8AX+5FqBn1vkqrYpKQoBdnTjO/j5LGYbs8q9s2/HlP9 4Mf9iCW9YOCV1Q8KOLAvgLHJWKCVHNQQARTIHHN2ocX2jNWiWf0zaG/1sEW8KP6uOyoLpnTQ9YB6 I81yndVV+YXVWQYLk7wrUB2KPXVHCEshjmHzwJxhvWvIQYrvpBuLOLfAjShNpFsHyn/yCBBs5LdE RlDAdcKkikAQO5MkJjcLSkY0Jh3C5PAJ+jPhjZ5Lv9z1+VuJabb9lpLCNAI8Lx0dYJ7LbExv8Gw=</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>uwTdWX75kV+KaSwdLSY0miFxW7oaIEqIpUF9LTZgYEsgHzh6lQeJs0trR9CzTF6+b8/+j8mpCCkF 6BsHJcikJRZySAo2THBfZlTk1FIcOXgOMW6U2k3loUSxr6JT1mXFXXCBkUeraP38JJ62Yg9GMGFd DYKNtbTI2fuK6Z8TwBwK/lDeJ+atIOcnTT8AKBYXpo0Ni/s+0XivyecXPKdkYIRSh34u9nZ2DVr0 ENrgpmXR1X+hctYU7NeRgEFjQjCf</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </saml:EncryptedID> <samlp:SessionIndex>SAMLY2lib_assert_fd9a89a3fa593431e7c87fc61266a55d5b3b64d8ea7f6bc3</samlp:SessionIndex> </samlp:LogoutRequest> <?xml version="1.0" encoding="UTF-8"?> <urn:LogoutResponse xmlns:urn="urn:oasis:names:tc:SAML:2.0:protocol" IssueInstant="2019-11-06T11:33:04.725Z" ID="SAMLY2lib_msg_64b9f960635a040fc79f7707675d67b026020087543ab8f8" Version="2.0" InResponseTo="_4d31d3d8048d719329c6c5f43c35fb39"> <urn1:Issuer xmlns:urn1="urn:oasis:names:tc:SAML:2.0:assertion" Format="">https://unity.eudat-aai.fz-juelich.de:8443/saml-idp/metadata</urn1:Issuer> <urn:Status> <urn:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester" /> <urn:StatusMessage>Logged out entity name must be present in SLO request and only NameID is supported</urn:StatusMessage> </urn:Status> </urn:LogoutResponse> Unity configuration: unity.saml.acceptedSP.13.entity=https://test.ggus.eu/EOSC-hub/secure unity.saml.acceptedSP.13.returnURL=https://test.ggus.eu/Shibboleth.sso/SAML2/POST unity.saml.acceptedSP.13.certificate=GGUS unity.saml.acceptedSP.13.redirectLogoutEndpoint=https://test.ggus.eu/Shibboleth.sso/SLO/Redirect Thanks, Shiraz -- Shiraz Memon Federated Systems and Data Jülich Supercomputing Centre (JSC) Phone: +49 2461 61 6899 Fax: +49 2461 61 6656 ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------ |
