Shibboleth IdP -ADFS : sign out problem
Marc SAHIN
marc.sahin at univ-lyon2.fr
Mon Sep 24 09:35:06 EDT 2018
Hello,
We have a sign out problem in our messaging system which uses ADFS -
Shibboleth IdPv3 authentication.
The Exchange mail server uses ADFS, which redirects users to the Shibboleth
IdP (CAS authentication). When we sign out, we get a random error
like the one below:
Here are the Fiddler logs:
SAMLRequest for sign out:
<samlp:LogoutRequest ID="_f7d76412-06f5-4cfb-8b37-a7a62f792fef"
    Version="2.0" IssueInstant="2018-09-20T10:18:02.910Z"
    Destination="https://idp.univ-lyon2.fr/idp/profile/SAML2/Redirect/SLO"
    Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer
      xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.univ-lyon2.fr/adfs/services/trust</Issuer>
  <NameID
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
      NameQualifier="https://idp.univ-lyon2.fr/idp/shibboleth"
      SPNameQualifier="http://adfs.univ-lyon2.fr/adfs/services/trust"
      xmlns="urn:oasis:names:tc:SAML:2.0:assertion">AAlzZWNyZXQ0NDWvbXX0MaOLdC89vd9egsbPsQgrOw9dAFtEf2eu5BuB8MRVMrnfXFPfDh8MtP+ZExLNZESISJhvlxxGovzgnyYeuOV3r1i90KULY01L/10UhQT7XyvLGhVfHBfdfaMl9FTxoRyK4U0mgT2CK7yzR+maPQ==</NameID>
  <samlp:SessionIndex>_f8949ec4f3107c08812844976863ed16</samlp:SessionIndex>
</samlp:LogoutRequest>
SAMLResponse of Shibboleth IdP:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:LogoutResponse
    Destination="https://adfs.univ-lyon2.fr/adfs/ls/"
    ID="_0241278326194786fbd477e342f3c177"
    InResponseTo="_f7d76412-06f5-4cfb-8b37-a7a62f792fef"
    IssueInstant="2018-09-20T10:18:03.220Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer
      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.univ-lyon2.fr/idp/shibboleth</saml2:Issuer>
  <saml2p:Status>
    <saml2p:StatusCode
        Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
      <saml2p:StatusCode
          Value="urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"/>
    </saml2p:StatusCode>
    <saml2p:StatusMessage>An error occurred.</saml2p:StatusMessage>
  </saml2p:Status>
</saml2p:LogoutResponse>
We have the log below in ADFS:
Apparently, Shibboleth does not seem to find "Principal" that sends to ADFS.
Any help would be much appreciated.
Best regards,
Marc SAHIN
Systems Administrator
Pôle Système - DSI - Université Lumière Lyon 2
04 78 77 26 66