From: Krzysztof B. <kb...@un...> - 2019-11-19 22:52:10
Hi Sander,

For your case, it seems pretty clear. No, none of the pasted requests is signed. The first one contains an encrypted ID, so it would fail anyway (even if signed) - the same case as described in an email to Shiraz. The 2nd one would probably be accepted, if it was signed.

In the case of SLO (more precisely, the async SLO that you are using) a signature is a must: otherwise there is no way to check if the request, coming via redirect, was really issued by someone authorized. The action (logout) takes immediate effect, and so we can't rely on other means as in the case of the SSO protocol (where we can just return a response to a trusted address).

HTH,
Krzysztof
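The point made above (a redirect-bound LogoutRequest must carry a signature, or the IdP cannot tell who issued it) as an added example that is not code from this thread or from the project: an SP-side signer and an IdP-side verifier for the SAML HTTP-Redirect binding, in Go using only the standard library. The LogoutRequest XML, its issuer/NameID and the RelayState values are constructed for the example.

```go
package main
import (
	"bytes"
	"compress/flate"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"io"
	"net/url"
)
const rsaSHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
// Constructed sample LogoutRequest (hypothetical issuer and NameID).
const SampleLogoutRequest = `<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed1" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sp.example.org</saml:Issuer><saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">alice</saml:NameID></samlp:LogoutRequest>`
// signedInput rebuilds the exact string the redirect-binding signature covers: the URL-encoded parameters in this fixed order, RelayState only when present.
func signedInput(q url.Values) string {
	s := "SAMLRequest=" + url.QueryEscape(q.Get("SAMLRequest"))
	if rs := q.Get("RelayState"); rs != "" {
		s += "&RelayState=" + url.QueryEscape(rs)
	}
	return s + "&SigAlg=" + url.QueryEscape(q.Get("SigAlg"))
}
// BuildSignedRedirect (SP side): raw DEFLATE + base64 the XML, then sign the query parameters with RSA-SHA256.
func BuildSignedRedirect(key *rsa.PrivateKey, xml, relayState string) (url.Values, error) {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.DefaultCompression) // raw DEFLATE, no zlib header
	w.Write([]byte(xml))
	w.Close()
	q := url.Values{"SAMLRequest": {base64.StdEncoding.EncodeToString(buf.Bytes())}, "SigAlg": {rsaSHA256}}
	if relayState != "" { q.Set("RelayState", relayState) }
	h := sha256.Sum256([]byte(signedInput(q)))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	if err != nil { return nil, err }
	q.Set("Signature", base64.StdEncoding.EncodeToString(sig))
	return q, nil
}
// VerifyRedirectLogout (IdP side): refuse an unsigned or badly signed LogoutRequest before even decoding it, since a logout takes effect immediately.
func VerifyRedirectLogout(pub *rsa.PublicKey, q url.Values) (string, error) {
	if q.Get("Signature") == "" || q.Get("SigAlg") != rsaSHA256 { return "", errors.New("unsigned LogoutRequest or unsupported SigAlg: refused") }
	sig, err := base64.StdEncoding.DecodeString(q.Get("Signature"))
	if err != nil { return "", err }
	h := sha256.Sum256([]byte(signedInput(q)))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig); err != nil { return "", errors.New("signature does not verify: refused") }
	raw, err := base64.StdEncoding.DecodeString(q.Get("SAMLRequest"))
	if err != nil { return "", err }
	xml, err := io.ReadAll(flate.NewReader(bytes.NewReader(raw)))
	return string(xml), err
}
```

Because the verifier rebuilds the signed string from the parameter values, the order of parameters in the incoming URL does not matter, but a missing Signature, a changed RelayState or a different signing key all cause the logout to be refused.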