IdP v4 SLO issues when wildcard certificates for websites
Cantor, Scott
cantor.2 at osu.edu
Fri Aug 14 11:17:17 UTC 2020
On 8/14/20, 1:37 AM, "users on behalf of Lipscomb, Gary" <users-bounces at shibboleth.net on behalf of glipscomb at csu.edu.au> wrote:
> I’m in the process of upgrading to IdP v4 (4.0.1) and have come across an issue with SLO which was not present
> in v3.4.7
There was no SOAP logout in 3.x, so...by definition it couldn't have been there. SOAP logout should only happen as a last resort, so you're basically talking about an issue that means logout that couldn't have happened before and couldn't have happened any other way "still" doesn't happen.
If the SP has any other logout bindings, it shouldn't be attempting SOAP. (And to be clear any SP claiming to support SOAP logout is almost certainly lying...)
So that's a fairly different characterization.
> Is there a setting I’ve missed in the upgrade process?
This has nothing to do with the upgrade, it's a new feature.
I know that the code doesn't allow for wildcards. I do not know if it can be told to ignore the transport layer when connecting. I would guess that it can, but I don't know the setting, and I doubt it's exposed. Given how much it would come up, it's certainly an issue.
-- Scott