Logout Failing - No active session(s) found matching LogoutRequest
Lipscomb, Gary
glipscomb at csu.edu.au
Fri Oct 22 05:22:36 UTC 2021
Hi list,
I’ve got an issue with logging out from an SP Replicon.
The IdP (v4.1.4) is reporting [1] "No active session(s) found matching LogoutRequest".
The LogoutRequest [2] from the SP
Am I correct in assuming that this is failing since the NameID element in the logout request doesn't contain the Format type as a minimum?
Does it also require the SessionIndex obtained from Authn Response?
Regards
Gary
[1] IdP log
2021-10-22 16:03:16,067 - 10.9.246.166 - INFO [net.shibboleth.idp.saml.saml2.profile.impl.ProcessLogoutRequest:366] - Profile Action ProcessLogoutRequest: No active session(s) found matching LogoutRequest
2021-10-22 16:03:16,068 - 10.9.246.166 - WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event occurred while processing the request: SessionNotFound
[2] The LogoutRequest from the SP
<samlp:LogoutRequest ID="_94df6f7f-2bb5-4358-9708-d40eb153e268"
Version="2.0"
IssueInstant="2021-10-22T05:03:15.697Z"
Destination="https://idp.csu.edu.au/idp/profile/SAML2/Redirect/SLO"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://global.replicon.com/!/REDACTED</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="#_94df6f7f-2bb5-4358-9708-d40eb153e268">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi"
xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>-- REDACTED --</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue> --REDACTED - </SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate> --REDACTED -- </X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">glipscom</saml:NameID>
</samlp:LogoutRequest>
Gary Lipscomb
Technical Officer, Systems | IT Infrastructure & Security | Division of Information Technology
Charles Sturt University
| ALBURY-WODONGA | BATHURST | BRISBANE | CANBERRA | DUBBO | GOULBURN | MELBOURNE | ORANGE | PORT MACQUARIE | SYDNEY | WAGGA WAGGA |
LEGAL NOTICE
This email (and any attachment) is confidential and is intended for the use of the addressee(s) only. If you are not the intended recipient of this email, you must not copy, distribute, take any action in reliance on it or disclose it to anyone. Any confidentiality is not waived or lost by reason of mistaken delivery. Email should be checked for viruses and defects before opening. Charles Sturt University does not accept liability for viruses or any consequence which arise as a result of this email transmission. Email communications with Charles Sturt University may be subject to automated email filtering, which could result in the delay or deletion of a legitimate email before it is read at Charles Sturt University. The views expressed in this email are not necessarily those of Charles Sturt University.
Charles Sturt University in Australia The Grange Chancellery, Panorama Avenue, Bathurst NSW Australia 2795 (ABN: 83 878 708 551; CRICOS Provider Number: 00005F (National)). TEQSA Provider Number: PV12018
Consider the environment before printing this email.
More information about the users
mailing list