SLO endpoints with IdP 2.4.0
Liam Hoekenga
liamr at umich.edu
Wed Apr 23 16:34:05 EDT 2014
We're upgrading our non-prod IdP to 2.4.0 in preparation of upgrading prod.
We've got SPs that are excited to use the SLO endpoints. We've added them
to the idp metadata, the profile handlers to handler.xml, and the SLO
request profile in relying-party.xml.
We're getting what looks to be a properly formatted logout request...
<saml2p:LogoutRequest Destination="
https://shib-idp-test.www.umich.edu/idp/profile/SAML2/POST/SSO"
ID="pgjglaohdfjommabakcbjmigbbkmnblkiodfhoga"
IssueInstant="2014-04-23T20:02:14.377Z"
NotOnOrAfter="2014-04-23T20:07:14.377Z"
Reason="urn:oasis:names:tc:SAML:2.0:logout:user"
Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
...
</saml2p:LogoutRequest>
...the IdP is returning an error. Nothing is revealed via the browser (no
error message), but the log says
16:02:14.654 - 141.211.192.9 - ERROR
[edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:88]
- Error occurred while processing request
java.lang.ClassCastException:
org.opensaml.saml2.core.impl.LogoutRequestImpl cannot be cast to
org.opensaml.saml2.core.AuthnRequest
I googled the error message and didn't see anything. Suggestions?
Liam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140423/0d1fa4b7/attachment.html
More information about the users
mailing list