IdP v4 SLO issues when wilcard certificates for websites

Cantor, Scott cantor.2 at
Fri Aug 14 11:17:17 UTC 2020

On 8/14/20, 1:37 AM, "users on behalf of Lipscomb, Gary" <users-bounces at on behalf of glipscomb at> wrote:

>    I’m in the process of upgrading to IdP v4 (4.0.1) and have come across an issue with SLO which was not present
> in v3.4.7

There was no SOAP logout in 3.x, definition it couldn't have been there. SOAP logout should only happen as a last resort, so you're basically talking about an issue that means logout that couldn't have happened before and couldn't have happened any other way "still" doesn't happen.

If the SP has any other logout bindings, it shouldn't be attempting SOAP. (And to be clear any SP claiming to support SOAP logout is almost certainly lying...)

So that's a fairly different characterization.

>    Is there a setting I’ve missed in the upgrade process?

This has nothing to do with the upgrade, it's a new feature.

I know that the code doesn't allow for wildcards. I do not know if it can be told to ignore the transport layer when connecting. I would guess that it can, but I don't know the setting, and I doubt it's exposed. Given how much it would come up, it's certainly an issue.

-- Scott

More information about the users mailing list