Reputation: 791
SAML SSO Logout fails in WSO2 Identity Server 5
I am doing SSO with SSO agent filter. When I logout I get this error,
[2014-06-05 10:06:29,183] ERROR {org.wso2.carbon.identity.sso.saml.processors.LogoutRequestProcessor} - No Established Sessions corresponding to Session Indexes provided.
Is this a configuration error?
I checked the SAML SSO response, it contains the session index,
<saml2:AuthnStatement AuthnInstant="2014-06-09T08:30:53.670Z"
SessionIndex="18d58397-44d8-4f13-a8f5-610b2bfc7b63">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:Password
</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
Also I checked the SAML Logout request it contains the same session id which is sent,
<saml2p:SessionIndex>18d58397-44d8-4f13-a8f5-610b2bfc7b63</saml2p:SessionIndex>
Then what is wrong here? Please help?
Also another fact is this fails only in my remote server. In my local setup with travelocity.com sample logout works fine.
Upvotes: 1
Views: 1274
Answers (1)
Reputation: 791
IS identifies session using "samlssoTokenId" cookie. I have configured the samlsso url of IS using a IP address and setup the web application using a domain name. So when the web app redirect user to samlsso url of IS all the cookies are erased by the browser to ensure security(Different Domains). Thus this issue occurred. Fixed it by correcting urls.
Upvotes: 2
Related Questions
- WSO2 Identity Server: How to handle SAML2 SSO Logout request
- Identity Server does not validate SAML LogoutRequest Signature
- WSO2 IS Single Logout partially working
- WSO2 and Spring SAML single logout issue
- SLO with wso2is, idp not including Issuer in LogoutRequests
- WSO2 Identity Server 5.0 - Can't perform single logout
- wso2 is single logout partially working contd
- WSO2IS: SSO session timeout doesn't work
- Failed to log out SAML WSO2 IS 5.0
- wso2is SingleLogoutProfile POST binding