Single logout problem

Павел Шашко pavel.shashko at gmail.com
Tue Oct 10 10:51:58 EDT 2017


In audit.log there are some differences in the lines for the successful and
unsuccessful logout attempts:

If my app is second in the chain to log out, the line is (unsuccessful attempt):
20171010T144902Z|||urn:ru:pgk:reserve|http://shibboleth.net/ns/profiles/saml2/logout|idp:shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_1280486001835c52d3c0ab78561a4141||||AAdzZWNyZXQx5SOLta6p6IsTbuBUoDV9rRSKzP5gzqc2loVF16CEYmB2A32BhqWGCdSOqrSvufT/R0Evukggbo4E1/h1dBKsFckvc4KImWbEV0Imfks4axThuoG/qnSUI6ybrLrKKoPY2AfHQESzgV/7pQ==||

If my app (the same one) is first (successful attempt):
20171010T144941Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|a2aadi9e48h72dcibi5gcfegh18d76|urn:ru:pgk:reserve|http://shibboleth.net/ns/profiles/saml2/logout|idp:shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e810611e7517db8e7ed57caca59ec2dc||||||

Maybe the problem is in this difference?

Pavel

Tue, 10 Oct 2017 at 17:35, Павел Шашко <pavel.shashko at gmail.com>:

> > Where does it say it's unsuccessful?
> because I can open the second application without authentication
>
> > Your audit log isn't configured usefully enough to tell much of anything
> In my logback.xml I see ALL level for IDP_AUDIT appender. How can I
> improve the quality of the log?
>
> > it's probably working as much as it's ever going to.
> before that I had an IDP version without SLO. This is my first attempt to
> use SLO
>
> Tue, 10 Oct 2017 at 17:04, Cantor, Scott <cantor.2 at osu.edu>:
>
>> > In audit log I see the attempt to logout from my second app.
>> Unsuccessful attempt..
>>
>> Where does it say it's unsuccessful?
>>
>> > But there are no errors in any of the logs!
>>
>> Your audit log isn't configured usefully enough to tell much of anything,
>> but it's logging a propagation over POST to an SP, and unless that's
>> failing, which there is no evidence to conclude either way, it's probably
>> working as much as it's ever going to.
>>
>> -- Scott
>>
> --
> Best regards,
> Павел Шашко
>
-- 
Best regards,
Павел Шашко
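
Added example (not part of the thread): a small Python parser that splits the two audit.log lines from this message into named fields and lists which ones differ. It assumes the IdP's stock audit format string, which the thread does not show; the field labels are illustrative and the long NameID value is replaced by a constructed placeholder.

```python
# Added example: split IdP audit.log lines into named fields and diff them.
# ASSUMPTION: field order follows the stock format string
# %T|%b|%I|%SP|%P|%IDP|%bb|%III|%u|%ac|%attr|%n|%i| ; the thread does not
# show the format actually configured. Field names are illustrative labels.
FIELDS = [
    "timestamp", "inbound_binding", "inbound_message_id", "sp_entity_id",
    "profile", "idp_entity_id", "outbound_binding", "outbound_message_id",
    "username", "authn_context", "attributes", "name_id", "assertion_id",
]

LOGOUT = "http://shibboleth.net/ns/profiles/saml2/logout"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# The two lines from the message, mail-archive markup removed. The long
# NameID value is replaced by a constructed placeholder.
LINE_SECOND = ("20171010T144902Z|||urn:ru:pgk:reserve|" + LOGOUT + "|idp:shibboleth|"
               + POST + "|_1280486001835c52d3c0ab78561a4141||||NAMEID-PLACEHOLDER||")
LINE_FIRST = ("20171010T144941Z|" + REDIRECT + "|a2aadi9e48h72dcibi5gcfegh18d76|"
              "urn:ru:pgk:reserve|" + LOGOUT + "|idp:shibboleth|" + POST
              + "|_e810611e7517db8e7ed57caca59ec2dc||||||")


def parse_audit_line(line):
    """Return {field: value}; reject lines that do not match the assumed format."""
    parts = line.strip().split("|")
    if parts and parts[-1] == "":
        parts.pop()  # the format string ends with a trailing '|'
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    return dict(zip(FIELDS, parts))


def diff_fields(a, b, ignore=("timestamp",)):
    """Names of fields whose values differ between two parsed records."""
    return [f for f in FIELDS if f not in ignore and a[f] != b[f]]


def has_inbound_message(rec):
    """False when the record logs a message the IdP sent without an inbound one."""
    return bool(rec["inbound_binding"] or rec["inbound_message_id"])


if __name__ == "__main__":
    second, first = parse_audit_line(LINE_SECOND), parse_audit_line(LINE_FIRST)
    for name in diff_fields(second, first):
        print("%-20s %r -> %r" % (name, second[name], first[name]))
    print("inbound message:", has_inbound_message(second), has_inbound_message(first))
```
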