From: Sander A. <sa....@fz...> - 2019-11-19 14:27:37
Hi Krzysztof,

I have a similar issue but unity says the SLO requests are not signed.

The first one is:

<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_af44951e9e4082c520a50c150541f0af18ec6389" Version="2.0" IssueInstant="2019-11-19T14:16:01Z" Destination="https://b2access.eudat.eu/saml-idp/SLO-WEB">
  <saml:Issuer>https://b2drop-devel.zam.kfa-juelich.de/index.php/apps/user_saml/saml/metadata</saml:Issuer>
  <saml:EncryptedID><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><xenc:CipherData><xenc:CipherValue>[...]</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></dsig:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue>Ue78tQz5yJ17WGHynbAAJj6+07i4ui7meEJHEOBdME9zNLtcKOUt4pBecheWCigrWrcAptMuX+G9LYbD6cxgNdyImM4wTAWBOQo+taFeWUw=</xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedData></saml:EncryptedID>
  <samlp:SessionIndex>SAMLY2lib_assert_81deeaa5da2a8c679ce8a93ef4f9ef556d8bf35355ab38b1</samlp:SessionIndex>
</samlp:LogoutRequest>

The software is configured to sign the requests and to me it seems that they are.

The second one is:

2019-11-19T15:14:42,933 [qtp625170225-82314] TRACE unity.server.saml.SamlHttpServlet: Got SAML request using the HTTP Redirect binding:
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_bfd05bb0a78d8665d76c81906c6b4df516e7de2314" Version="2.0" IssueInstant="2019-11-19T14:14:42Z" Destination="https://b2access.eudat.eu/saml-idp/SLO-WEB">
  <saml:Issuer>https://aai.eosc-portal.eu/proxy/module.php/saml/sp/metadata.php/sso</saml:Issuer>
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">a7e5201a-8e97-449f-a32b-f128cc1186d3</saml:NameID>
  <samlp:SessionIndex>SAMLY2lib_assert_34e6e470d7b9a27d769bbf0fd3ca9780697c666cfd24c055</samlp:SessionIndex>
</samlp:LogoutRequest>
2019-11-19T15:14:42,936 [qtp625170225-82314] DEBUG unity.server.saml.SLOAsyncResponseHandler: SAML error is going to be returned to the SAML requester from SLO endpoint
eu.unicore.samly2.exceptions.SAMLRequesterException: SAML document is not signed and the policy requires a signature

To me it looks like the signature is really missing, although the admin says it is signed. Do you have some ideas?

Cheers,
Sander

On Tue, 2019-11-12 at 09:54 +0100, Krzysztof Benedyczak wrote:
> Shiraz,
>
> Please enable dumping of raw messages during deciphering. This is a
> library logging:
>
> <Logger name="unicore.security" level="TRACE"/>
>
> and the deciphered request is what we need, so should be before what
> you pasted.
>
> HTH
> KB
>
> On 08.11.2019 at 14:37, Shiraz Memon wrote:
> > Hi,
> >
> > The saml log is already configured to trace level.
> >
> > </xenc:CipherData></xenc:EncryptedData></saml:EncryptedID><samlp:SessionIndex>SAMLY2lib_assert_a3a85c9524c1fa67b7ccce8c40ffb89c175e85a49058231b</samlp:SessionIndex></samlp:LogoutRequest>
> > 2019-11-08T14:34:15,788 [qtp1417465-7314] DEBUG unity.server.saml.SLOAsyncResponseHandler: SAML error is going to be returned to the SAML requester from SLO endpoint
> > eu.unicore.samly2.exceptions.SAMLRequesterException: Logged out entity name must be present in SLO request and only NameID is supported
> >     at eu.unicore.samly2.validators.LogoutRequestValidator.validateSubject(LogoutRequestValidator.java:64) ~[samly2-2.3.3.jar:2.3.3]
> >     at eu.unicore.samly2.validators.LogoutRequestValidator.validate(LogoutRequestValidator.java:35) ~[samly2-2.3.3.jar:2.3.3]
> >     at pl.edu.icm.unity.saml.slo.SAMLLogoutProcessor.resolveRequest(SAMLLogoutProcessor.java:364) ~[unity-server-saml-2.8.2.jar:?]
> >     at pl.edu.icm.unity.saml.slo.SAMLLogoutProcessor.initFromSAML(SAMLLogoutProcessor.java:256) [unity-server-saml-2.8.2.jar:?]
> >     at pl.edu.icm.unity.saml.slo.SAMLLogoutProcessor.handleAsyncLogoutFromSAML(SAMLLogoutProcessor.java:165) [unity-server-saml-2.8.2.jar:?]
> >     at pl.edu.icm.unity.saml.slo.SLOSAMLServlet.postProcessRequest(SLOSAMLServlet.java:44) [unity-server-saml-2.8.2.jar:?]
> >     at pl.edu.icm.unity.saml.SamlHttpServlet.process(SamlHttpServlet.java:100) [unity-server-saml-2.8.2.jar:?]
> >     at pl.edu.icm.unity.saml.SamlHttpServlet.doGet(SamlHttpServlet.java:46) [unity-server-saml-2.8.2.jar:?]
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [javax.servlet-api-3.1.0.jar:3.1.0]
> >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
> >     at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:867) [jetty-servlet-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623) [jetty-servlet-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at pl.edu.icm.unity.webui.authn.InvocationContextSetupFilter.doFilter(InvocationContextSetupFilter.java:74) [unity-server-web-common-2.8.2.jar:?]
> >     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) [jetty-servlet-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at pl.edu.icm.unity.webui.authn.AuthenticationFilter.gotoNotProtectedResource(AuthenticationFilter.java:266) [unity-server-web-common-2.8.2.jar:?]
> >     at pl.edu.icm.unity.webui.authn.AuthenticationFilter.handleNotProtectedResource(AuthenticationFilter.java:104) [unity-server-web-common-2.8.2.jar:?]
> >     at pl.edu.icm.unity.webui.authn.AuthenticationFilter.doFilter(AuthenticationFilter.java:81) [unity-server-web-common-2.8.2.jar:?]
> >     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) [jetty-servlet-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at pl.edu.icm.unity.engine.api.utils.HiddenResourcesFilter.doFilter(HiddenResourcesFilter.java:49) [unity-server-engine-api-2.8.2.jar:?]
> >     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) [jetty-servlet-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540) [jetty-servlet-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1588) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480) [jetty-servlet-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1557) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at pl.edu.icm.unity.engine.server.ClientIPSettingHandler.handle(ClientIPSettingHandler.java:58) [unity-server-engine-2.8.2.jar:?]
> >     at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335) [jetty-rewrite-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:753) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.Server.handle(Server.java:502) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at pl.edu.icm.unity.engine.server.JettyServer$1.handle(JettyServer.java:215) [unity-server-engine-2.8.2.jar:?]
> >     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [jetty-io-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:411) [jetty-io-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:305) [jetty-io-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159) [jetty-io-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [jetty-util-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [jetty-util-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [jetty-util-9.4.14.v20181114.jar:9.4.14.v20181114]
> >     at java.lang.Thread.run(Thread.java:748) [?:1.8.0_222]
> > 2019-11-08T14:34:15,789 [qtp1417465-7314] DEBUG unity.server.saml.ResponseHandlerBase: Returning Logout Error SAMLResponse with HTTP Redirect binding to https://test.ggus.eu/Shibboleth.sso/SLO/Redirect
> > 2019-11-08T14:34:15,790 [qtp1417465-7314] TRACE unity.server.saml.ResponseHandlerBase: SAML SAMLResponse is:
> > <urn:LogoutResponse IssueInstant="2019-11-08T13:34:15.789Z" ID="SAMLY2lib_msg_e22ca2eb2cd0014ac9c34617b52b836eebb6141762df2bcf" Version="2.0" InResponseTo="_cdeb6c41e0e34221ccba36ec18db2d84" xmlns:urn="urn:oasis:names:tc:SAML:2.0:protocol"><urn1:Issuer Format="" xmlns:urn1="urn:oasis:names:tc:SAML:2.0:assertion">
> > https://unity.eudat-aai.fz-juelich.de:8443/saml-idp/metadata</urn1:Issuer><urn:Status><urn:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/><urn:StatusMessage>Logged out entity name must be present in SLO request and only NameID is supported</urn:StatusMessage></urn:Status></urn:LogoutResponse>
> > 2019-11-08T14:34:15,790 [qtp1417465-7314] TRACE unity.server.saml.ResponseHandlerBase: Returned Redirect URL is:
> > https://test.ggus.eu/Shibboleth.sso/SLO/Redirect?SAMLResponse=fZJbaxsxEEb%2FyqD3vUi7Wa%2BFbSgNBYPTQhwC7YvRZexs2ZW2Ggma%2FvrKbgPbPuRNGkZnzsdok4KTB3%2FxKT4izd4Rwp4o4d5RVC5umaj5uuC8qPsn3simlfyuXPXrbwz291t2%2FPBw%2BCrGQZ8mupxQCKMEamFsXfNWmbVp2o6v9J3QfdMhat3xlq86Yc9CmzODZww0eJfHlHUmujeJJ79lJ2NRd6blWGPTCsGN0SpTDO%2BtFrZvGfycRkcyZ9iyaxCvaCDp1IQko5FXOZnBcg4%2BeuNHttvkNi5vCQN88mFSOeKCw98HKSIMMQuz3UuMM8mqSm6IryUmq2Kh1FCefxXfE46DeSktyr5tm4rUNBaDnasJo8p9alMtNG5O8hhVTLQ8f%2FQW4VmNCd93olu3fMQfCSliYNWS8oBE6oK7vOMLWsh7BnQxK8OVBFOiCBphDki5DoOD4%2BELhD8wUC4%2FceMrfM7N%2B3sYCCjNsw8R7S3Ef1OWtb%2BXfz%2FX7jc%3D
> >
> > Cheers,
> > Shiraz
> >
> > On Fri, Nov 8, 2019 at 9:44 AM Krzysztof Benedyczak <kb...@un...> wrote:
> > > Hi Shiraz,
> > >
> > > On 06.11.2019 at 13:00, Shiraz Memon wrote:
> > > > Hi Krzysztof,
> > > >
> > > > I have configured an SP, which is based on shibboleth. I can
> > > > successfully sign-in but unfortunately I cannot log-out (SLO).
> > > > Below are the SLO request and response messages from sp and
> > > > unity respectively, and also the SP configuration in unity.
> > > > <?xml version="1.0" encoding="UTF-8"?>
> > > > <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://unity.eudat-aai.fz-juelich.de/saml-idp/SLO-WEB" ID="_56f68d31d948b0ccc241c0efe0697d36" IssueInstant="2019-11-06T11:17:58Z" Version="2.0">
> > > >   <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.ggus.eu/EOSC-hub/secure</saml:Issuer>
> > > >   <samlp:Extensions>
> > > >     <aslo:Asynchronous xmlns:aslo="urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo" />
> > > >   </samlp:Extensions>
> > > >   <saml:EncryptedID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
> > > >     <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
> > > >       <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
> > > >       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> > > >         <xenc:EncryptedKey>
> > > >           <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
> > > >           <xenc:CipherData>
> > > > <xenc:CipherValue>S/GMplTHJ2N0vbOVMhyUK8bBTNriupFbp12wwnvUmioEj
> > > > x5xpBhYGYgEF5IQChVm66GdgIJ8czAk
> > > > RX1HbwqOGUktGocmR+Fcxq9wn5OSrQ4i/mj4kIF+aqlh8+bir2gua5XLd16DPn
> > > > 61CM3bUv2HWfNK
> > > > P0IAO3D77ezdJ+DR4jZ5wEfqZE3+OFplfMyzc2s7w4iswSs/cs/3fXJzkSFKGUP
> > > > 32P50izi4HxBg
> > > > eN7F7knsFHiD8P0b62btMOUQCHHG6LG9U7Esfjwe+uO88wJEmge295FQWRwJHvr
> > > > bO8O7rEwnDu8+
> > > > 1d1/Vnb0OT5lvM0E8sC/LYUKpO62DHjUvVI60BQ2/6NJPVsTjV4CEp77nQK7aR6
> > > > dmJaVxlFJ2EZw
> > > > cD3s49RPazXpATvAPLrg/0t2lLFIB/Z5g8AX+5FqBn1vkqrYpKQoBdnTjO/j5L
> > > > GYbs8q9s2/HlP9
> > > > 4Mf9iCW9YOCV1Q8KOLAvgLHJWKCVHNQQARTIHHN2ocX2jNWiWf0zaG/1sEW8KP6
> > > > uOyoLpnTQ9YB6
> > > > I81yndVV+YXVWQYLk7wrUB2KPXVHCEshjmHzwJxhvWvIQYrvpBuLOLfAjShNpFs
> > > > Hyn/yCBBs5LdE
> > > > RlDAdcKkikAQO5MkJjcLSkY0Jh3C5PAJ+jPhjZ5Lv9z1+VuJabb9lpLCNAI8Lx0
> > > > dYJ7LbExv8Gw=</xenc:CipherValue>
> > > >           </xenc:CipherData>
> > > >         </xenc:EncryptedKey>
> > > >       </ds:KeyInfo>
> > > >       <xenc:CipherData>
> > > > <xenc:CipherValue>uwTdWX75kV+KaSwdLSY0miFxW7oaIEqIpUF9LTZgYEsgH
> > > > zh6lQeJs0trR9CzTF6+b8/+j8mpCCkF
> > > > 6BsHJcikJRZySAo2THBfZlTk1FIcOXgOMW6U2k3loUSxr6JT1mXFXXCBkUeraP
> > > > 38JJ62Yg9GMGFd
> > > > DYKNtbTI2fuK6Z8TwBwK/lDeJ+atIOcnTT8AKBYXpo0Ni/s+0XivyecXPKdkYIR
> > > > Sh34u9nZ2DVr0 ENrgpmXR1X+hctYU7NeRgEFjQjCf</xenc:CipherValue>
> > > >       </xenc:CipherData>
> > > >     </xenc:EncryptedData>
> > > >   </saml:EncryptedID>
> > > >   <samlp:SessionIndex>SAMLY2lib_assert_fd9a89a3fa593431e7c87fc61266a55d5b3b64d8ea7f6bc3</samlp:SessionIndex>
> > > > </samlp:LogoutRequest>
> > > >
> > > > <?xml version="1.0" encoding="UTF-8"?>
> > > > <urn:LogoutResponse xmlns:urn="urn:oasis:names:tc:SAML:2.0:protocol" IssueInstant="2019-11-06T11:33:04.725Z" ID="SAMLY2lib_msg_64b9f960635a040fc79f7707675d67b026020087543ab8f8" Version="2.0" InResponseTo="_4d31d3d8048d719329c6c5f43c35fb39">
> > > >   <urn1:Issuer xmlns:urn1="urn:oasis:names:tc:SAML:2.0:assertion" Format="">
> > > >   https://unity.eudat-aai.fz-juelich.de:8443/saml-idp/metadata</urn1:Issuer>
> > > >   <urn:Status>
> > > >     <urn:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester" />
> > > >     <urn:StatusMessage>Logged out entity name must be present in SLO request and only NameID is supported</urn:StatusMessage>
> > > >   </urn:Status>
> > > > </urn:LogoutResponse>
> > > >
> > >
> > > Looks like some incompatibility on what is sent to Unity in
> > > logout request, as a subject to be logged out. I can't say more
> > > as the request is encrypted.
> > > If you enable trace logging you should be able to see decrypted
> > > message in log, then we can say more. Looks like the subject
> > > (i.e. the one to be logged out) is provided in some of
> > > unsupported ways to unity. I suppose this was not working with
> > > older unity version too, right? And even if it was most likely
> > > the triggering is on the client side.
> > > Best,
> > > Krzysztof
> > >
> >
> >
> > --
> > Shiraz Memon
> > Federated Systems and Data
> > Jülich Supercomputing Centre (JSC)
> >
> > Phone: +49 2461 61 6899
> > Fax: +49 2461 61 6656
> >
> >
> > ----------------------------------------------------------------------
> > ----------------------------------------------------------------------
> > Forschungszentrum Juelich GmbH
> > 52425 Juelich
> > Registered office: Juelich
> > Registered in the commercial register of the District Court of Dueren, No. HR B 3498
> > Chairman of the Supervisory Board: MinDir Volker Rieke
> > Management: Prof. Dr.-Ing. Wolfgang Marquardt (Chairman),
> > Karsten Beneke (Deputy Chairman), Prof. Dr.-Ing. Harald Bolt,
> > Prof. Dr. Sebastian M. Schmidt
> > ----------------------------------------------------------------------
> > ----------------------------------------------------------------------
> >
>
> _______________________________________________
> Unity-idm-discuss mailing list
> Uni...@li...
> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

----------------------------------------------------------------------
----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the District Court of Dueren, No. HR B 3498
Chairman of the Supervisory Board: MinDir Volker Rieke
Management: Prof. Dr.-Ing. Wolfgang Marquardt (Chairman),
Karsten Beneke (Deputy Chairman), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
----------------------------------------------------------------------
----------------------------------------------------------------------
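
Added example (not part of the original thread, and not Unity or samly2 code): with the HTTP Redirect binding named in the second log above, a signature travels in the Signature and SigAlg query parameters rather than as a ds:Signature element, so the dumped XML alone does not show whether the sender signed. The sketch below decodes a redirect URL and reports both signature locations plus the subject form (NameID or EncryptedID); the hosts, IDs and values are constructed, build_url is a hypothetical helper, and nothing is cryptographically verified.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_redirect_slo(url):
    """Report where a Redirect-binding LogoutRequest carries a signature and
    how it names the subject. Presence checks only; nothing is verified."""
    query = parse_qs(urlsplit(url).query)
    # Redirect binding encoding: XML -> raw DEFLATE -> base64 -> URL-encoding.
    deflated = base64.b64decode(query["SAMLRequest"][0])
    root = ET.fromstring(zlib.decompress(deflated, -15))
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        raise ValueError("not a LogoutRequest: " + root.tag)
    subject = next((kind for kind in ("NameID", "EncryptedID", "BaseID")
                    if root.find("saml:" + kind, NS) is not None), None)
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        # Redirect binding: the signature travels as query parameters.
        "query_signature": "Signature" in query and "SigAlg" in query,
        "sig_alg": query.get("SigAlg", [None])[0],
        # Enveloped signature inside the XML document itself.
        "xml_signature": root.find("ds:Signature", NS) is not None,
        "subject": subject,
    }

def build_url(xml, **extra):
    """Constructed-sample helper: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    req = base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()
    return ("https://idp.example.org/saml-idp/SLO-WEB?"
            + urlencode({"SAMLRequest": req, **extra}))

# Constructed LogoutRequest; hosts, IDs and values are placeholders.
TEMPLATE = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
    'Version="2.0" IssueInstant="2019-11-19T14:14:42Z">'
    '<saml:Issuer>https://sp.example.org/metadata</saml:Issuer>%s'
    '<samlp:SessionIndex>constructed-session</samlp:SessionIndex>'
    '</samlp:LogoutRequest>')
NAME_ID = '<saml:NameID>constructed-name-id</saml:NameID>'
UNSIGNED_URL = build_url(TEMPLATE % NAME_ID)
SIGNED_URL = build_url(
    TEMPLATE % NAME_ID,
    SigAlg="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    Signature="Y29uc3RydWN0ZWQ=")  # placeholder bytes, not a real signature

if __name__ == "__main__":
    for label, url in (("unsigned", UNSIGNED_URL), ("signed", SIGNED_URL)):
        print(label, inspect_redirect_slo(url))
```

Run against the full request URL from the web server or proxy access log, since the TRACE dump in the thread shows only the decoded XML.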