OneLogin and SLO?

Cantor, Scott cantor.2 at
Mon Jul 23 09:08:15 EDT 2018

> To close the loop on this: I filed a support request with OneLogin asking them
> for comment, pointing out that (in my opinion) there's a security hole in their
> product's handling of the SAML SLO messages (they neither check the
> signature of the LogoutRequest, nor do they sign the LogoutResponse), and
> they essentially (in so many words) said "We don't care. You can file an
> enhancement request, and if enough people vote on it, we might implement
> it."

Pretty much expected, but thanks for trying, and posting back about it.
-- Scott

More information about the users mailing list