Zoom again, and half-signed Logout requests

Martin Haase Martin.Haase at DAASI.de
Tue Apr 14 03:32:30 EDT 2020

Hi list,

some years back, Zoom used to be unable to sign SLO requests. Now they
do - however, the IdP would not honor them:

[org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:301] -
Credential failed name check: [subjectName='CN=*.zoom.us,OU=Domain
Control Validated']

I suspect it has to do with the wildcard certificate?

What would you advise - toggle off signing SLO requests? Can I use
idp.logout.authenticated just for one SP?

Or push back?



Dr. Martin Haase, Solutions Engineer

DAASI International GmbH        
Europaplatz 3                   
D-72072 Tübingen                

phone: +49 7071 407109-0
fax:   +49 7071 407109-9  
email: martin.haase at daasi.de
web:   www.daasi.de

Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200414/a1bd3db2/attachment.html>

More information about the users mailing list