SP initiated logout not redirected to relaystate - saml-2.0

I am using the OneLogin Java toolkit to sign in against SSOCircle. It worked fine. However, when I click logout, I am not logged out of the IdP and it is not redirected back to the RelayState.
LogoutRequest
<samlp:LogoutRequest Destination="https://idp.ssocircle.com"
ID="ONELOGIN_7e0b2553-81ab-4b0c-929f-803096cfa28d"
IssueInstant="2017-09-01T08:59:20Z" Version="2.0"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer>debug/honeywell.com</saml:Issuer>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
SPNameQualifier="debug/honey.com">https://idp.ssocircle.com</saml:NameID>
</samlp:LogoutRequest>
Please guide me on how to solve this issue.
Thanks.
Kind regards,
Ajay

Related

AAD implementation reply url

I am trying to integrate my application with AAD authentication, but the reply URL which I am configuring in the AAD application is
https://www.example1.com/abc/account/login.aspx
but when I am coming back after authentication I am getting redirected to
https://www.example1.com/
only, and my request is coming in as authenticated, but I want the user to be redirected to the full URL which I have configured.
I have tried sending RedirectUri at the time of app configuration in the startup class, the same as https://www.example1.com/abc/account/login.aspx; that time the user is redirected to this URL, but the request is not getting authenticated.
Does anyone know how I can achieve this?
Thank you in advance.
Reply URL is where the token would be sent to. It means that it is an endpoint which signs in users for that provider. But after signing in, the user will be redirected to the Homepage (Sign-on) URL.
For your scenario, you can change the Home page (Sign-on) URL in both the AAD application and your app config file to the URL which you want to use.
Please refer to this documentation for detailed instructions on how to set up these configurations. Like Wayne said, you need to make sure that the home page URL matches whatever site you want the users to be redirected to after login. Then make sure that the reply URL and the RedirectURI are matching.

SAML OneLogin with SSO Circle : LogoutRequest returns StatusCode Requester instead of Success

Using the OneLogin sample app as SP with SSOCircle as IdP, login via the SSOCircle IdP works, but the LogoutRequest, after being validated, returns a LogoutResponse with StatusCode Requester instead of Success:
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="xxxxxxxxxxxxxxxxxxxxx" Version="2.0" IssueInstant="2018-03-28T07:50:49Z" Destination="http://localhost:8080/onelogin-saml/sls.jsp" InResponseTo="ONELOGIN_hexahexahexa">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.ssocircle.com</saml:Issuer>
<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
</samlp:StatusCode>
</samlp:Status>
</samlp:LogoutResponse>
IdP-initiated logout works.
I cannot figure out what I am missing in the properties configuration:
onelogin.saml2.sp.single_logout_service.url=http://localhost:8080/onelogin-saml/sls.jsp
onelogin.saml2.sp.single_logout_service.binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
onelogin.saml2.sp.nameidformat=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
onelogin.saml2.idp.single_logout_service.url=https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/publicidp
onelogin.saml2.idp.single_logout_service.response.url=
onelogin.saml2.idp.single_logout_service.binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Any input would be warmly welcome.
Thanks to the OneLogin contributors, I could solve the problem by storing the nameId, sessionId and nameIdFormat in the session at login, and then using them as parameters when calling the logout method. See the closed issue for the full code here.

SP-initiated Single Logout not working with SalesForce

I am attempting to use SP-initiated SLO with SalesForce (trying Redirect and POST) with the following LogoutRequest:
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1583fa34b3e9426ba5885849204d6f8d" Version="2.0" IssueInstant="2017-11-14T18:42:25Z" Destination="https://myorg-dev-ed.my.salesforce.com/services/auth/idp/saml2/logout">
<saml:Issuer>myorg</saml:Issuer>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">me#myorg</saml:NameID>
</samlp:LogoutRequest>
I am using my SP entity ID for Issuer. I also tried using it for NameID SPNameQualifier. My Redirect and POST logic work for AuthnRequest. This SLO is working with OneLogin.
The error I get back is:
We are unable to log you out. Please contact your administrator for
more information.
I cannot find any relevant log entries.
Which tool are you using to generate the XML?
Add the tag SessionIndex, which you can get from the login.
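Added example, not code from any of the posts above or from the OneLogin toolkit, tying together the SSOCircle self-answer (keep nameId, session index and nameIdFormat from the login) and the SessionIndex answer: it extracts those values from the login Response, builds a LogoutRequest that echoes them, and lints a LogoutRequest for the two defects visible in this thread (NameID set to the IdP entityID, no SessionIndex). The Response XML, identifiers and entity IDs are constructed.

```python
# Added example: what a LogoutRequest must echo from the login Response, how to build
# it, and a lint for the defects seen in the thread. Sample XML below is constructed.
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed SAML Response: transient NameID plus an AuthnStatement with SessionIndex.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" IssueInstant="2017-09-01T08:58:00Z">
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2017-09-01T08:58:00Z">
  <saml:Issuer>https://idp.ssocircle.com</saml:Issuer>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">xK9constructedTransientId</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2017-09-01T08:58:00Z" SessionIndex="s2constructed"/>
 </saml:Assertion></samlp:Response>"""

def session_from_response(response_xml):
    """Values to keep in the SP session at login for a later SP-initiated logout."""
    root = ET.fromstring(response_xml)
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    authn = root.find(".//saml:Assertion/saml:AuthnStatement", NS)
    if name_id is None or authn is None:
        raise ValueError("Response lacks a NameID or an AuthnStatement")
    return {"name_id": name_id.text, "format": name_id.get("Format"),
            "session_index": authn.get("SessionIndex")}

def build_logout_request(sp_entity_id, idp_slo_url, session):
    """LogoutRequest whose NameID, Format and SessionIndex come from the login."""
    ET.register_namespace("samlp", NS["samlp"])
    ET.register_namespace("saml", NS["saml"])
    req = ET.Element("{%s}LogoutRequest" % NS["samlp"], {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0", "Destination": idp_slo_url,
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")})
    ET.SubElement(req, "{%s}Issuer" % NS["saml"]).text = sp_entity_id
    nid = ET.SubElement(req, "{%s}NameID" % NS["saml"], {"Format": session["format"]})
    nid.text = session["name_id"]
    ET.SubElement(req, "{%s}SessionIndex" % NS["samlp"]).text = session["session_index"]
    return ET.tostring(req, encoding="unicode")

def lint_logout_request(request_xml, session, idp_entity_id):
    """Mismatches that typically make an IdP answer Requester or keep the session alive."""
    root = ET.fromstring(request_xml)
    problems = []
    nid = root.find("saml:NameID", NS)
    if nid is None:
        problems.append("NameID missing")
    elif nid.text == idp_entity_id:
        problems.append("NameID is the IdP entityID, not the subject's NameID from the assertion")
    elif nid.text != session["name_id"] or nid.get("Format") != session["format"]:
        problems.append("NameID or its Format differs from what the login Response carried")
    if root.find("samlp:SessionIndex", NS) is None:
        problems.append("SessionIndex missing; copy it from the AuthnStatement")
    return problems
```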

IdentityServer: How to give option to user with 'Retry Url' which redirects to Client Link

Using IdentityServer 4 for authentication, which works with different clients that support the OpenID Connect and OAuth 2.0 protocols for AAD authentication.
In the scenario where there is an error before login or after login (authentication),
the user is redirected to Home\Error, the default exception middleware handler. Here I want to provide the user with a 'Retry Url' which redirects to the client link.
I would appreciate it if anybody can suggest something on this.
In the Account Controller Login() you can get the return_url from the model (check LoginViewModel). Just validate this return_url and redirect the user; it will take them to the client. You can also fetch the redirect_uri from return_url, which has the client info - if that's what you are looking for!
You can always pass the return_url to error view and inject it in a hyperlink where user can click to go back to the client.

How to view SAML logout request and response on logout.jsp

I am using the latest version of Spring Security SAML to simulate an RP.
I need to view the SAML Logout Request and Response on the logout.jsp page.
It is easy to view auth request and response on a JSP page, but I am not sure how that works with the logout process.
Thank you
You need to install the SAML tracer add-on for Firefox: https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/