Signing propagating logout request with non-default credentials

Daniel Lutz daniel.lutz at
Wed May 17 11:51:11 EDT 2017

I'm trying to configure logout propagation such that the SAML2 logout request
is signed with non-default credentials, looked up via a strategy.

It seems to me that this is not possible, since looking up a SignatureSigningConfiguration
is supported via ProfileConfigurations only, but there's no ProfileConfiguration available
for the logout propagation flow ("PropagateLogout"). Instead, the default SignatureSigningConfiguration
of the DefaultRelyingParty is used, as far as I could see.

Is there a way to specify a lookup stategy for looking up the SignatureSigningConfiguration
used by the logout propagation flow to sign the SAML2 logout request?

Thanks for any hint.

- Daniel

More information about the users mailing list