Joomla SLO error
Scott Koranda
skoranda at gmail.com
Thu May 7 21:40:23 EDT 2015
On Thu, May 7, 2015 at 8:25 PM, Ranil De Silva <
ranil.desilva at industrieit.com> wrote:
> Hi Folks,
>
> I have a Joomla server running the Samlogin plugin (from creativedotit).
> Authentication and logging into the SP with my Shibboleth IDP (v3.1.1) is
> working fine but when I try and do the SLO logout, I get an unexpected
> error thrown. The following log error:
>
> 2015-05-08 11:07:29,757 - WARN
> [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:182] -
> Profile Action WebFlowMessageHandlerAdaptor: Exception handling message
> org.opensaml.messaging.handler.MessageHandlerException: Message context
> was not authenticated
> at
> org.opensaml.messaging.handler.impl.CheckMandatoryAuthentication.doInvoke(CheckMandatoryAuthentication.java:70)
>
> Is there an easy way to track the problem or where to look
>
>
Use a tool like the SAML tracer plugin for Firefox to examine the SAML
being sent from the SP to the IdP requesting the logout (assuming it is a
front channel logout). Or turn on debug logging with the IdP to see the
actual logout request sent by the SP.
The SP may not be signing the logout request.
If that is the case you can configure the IdP to not require signed logout
requests from that particular SP. There was a thread between myself and
Scott C about this last month.
Of course if you can cause the SP to sign the logout request that would be
best.
Scott K
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150507/ea1c2a6a/attachment.html>
More information about the users
mailing list