Signing propagating logout request with non-default credentials

Cantor, Scott cantor.2 at
Wed May 17 11:54:39 EDT 2017

On 5/17/17, 11:51 AM, "users on behalf of Daniel Lutz" <users-bounces at on behalf of daniel.lutz at> wrote:

> It seems to me that this is not possible, since looking up a SignatureSigningConfiguration
> is supported via ProfileConfigurations only, but there's no ProfileConfiguration available
> for the logout propagation flow ("PropagateLogout"). Instead, the default SignatureSigningConfiguration
> of the DefaultRelyingParty is used, as far as I could see.

The SAML2.Logout bean is the profile for it. There isn't a way to separate the behavior for signing LogoutResponses from requests, but that's about the only limitation.

-- Scott
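A configuration sketch of the approach described in this reply, added here as an example and not taken from either poster or from the Shibboleth project. It assumes an IdP V3 `relying-party.xml`; the bean ids prefixed `example.`, the SP entityID, and the key and certificate paths are hypothetical placeholders.

```xml
<!-- Hypothetical non-default signing credential (paths and id are placeholders). -->
<bean id="example.LogoutSigningCredential"
      class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
      p:privateKeyResource="%{idp.home}/credentials/example-logout-signing.key"
      p:certificateResource="%{idp.home}/credentials/example-logout-signing.crt"
      p:entityId-ref="entityID" />

<!-- Security configuration that inherits the defaults and swaps only the signing credential. -->
<bean id="example.LogoutSecurityConfiguration" parent="shibboleth.DefaultSecurityConfiguration">
    <property name="signatureSigningConfiguration">
        <bean parent="shibboleth.SigningConfiguration.SHA256">
            <property name="signingCredentials">
                <list>
                    <ref bean="example.LogoutSigningCredential" />
                </list>
            </property>
        </bean>
    </property>
</bean>

<!-- Inside the shibboleth.RelyingPartyOverrides list: attach the configuration
     to the SAML2.Logout profile for one SP (entityID is a placeholder). -->
<bean parent="RelyingPartyByName" c:relyingPartyIds="https://sp.example.org/shibboleth">
    <property name="profileConfigurations">
        <list>
            <!-- Per the reply above, this applies to LogoutRequests and
                 LogoutResponses alike; the two cannot be configured separately. -->
            <bean parent="SAML2.Logout"
                  p:securityConfiguration-ref="example.LogoutSecurityConfiguration" />
        </list>
    </property>
</bean>
```

The SP's metadata for the IdP must carry the certificate for this credential, or signature validation of the propagated LogoutRequest will fail at the SP.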
