Forum Discussion
SAML SLO Error
- Mar 16, 2020
Seems like the IDP didnt understood "ResponseLocation". The Reponse was sent to Location rather than ResponseLocation, this is something BIGIP does default:
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<bigip>/saml/sp/profile/post/sls" ResponseLocation="https://<bigip>/saml/sp/profile/post/slr">
Temporarily i made an irule that makes an 307 response from /saml/sp/profile/post/sls to /saml/sp/profile/post/slr instead.
Waiting for the IDP to update bigips metadata with only:
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<bigip>/saml/sp/profile/post/slr">
Could this cause any trouble?
Hi, I am developed same solution and is there any specific format of saml logout request?
- Johan_LångMay 13, 2020Cirrus
What do you mean? :)
The IDP did not read the "ResponseLocation", instead i had to get rid of that, and only publish the /slr url instead of the /sls
- IRONMANMay 15, 2020Cirrostratus
HI Johan,
we are develping own SAML Solution and F5 Acting as IDP here. we not have format of SLO request from SP to IDP, we getting error in F5 Deflate error, not sure it is any encrypted , we
want SLO Request from SP to IDP format, no Sign, no encryption format !
we are using below format and it is getting error . it is send from SP to IDP(F5)
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"ID="ONELOGIN_21df91a89767879fc0f7df6a1490c6000c81644d"Version="2.0"IssueInstant="2014-07-18T01:13:06Z" Destination="https://F5IDP.COM/saml/idp/profile/redirect/sls">
<saml:Issuer>https://SP.COM/SAML-logout.go</saml:Issuer>
<saml:NameID SPNameQualifier="https://SP.com/SAML-logout.go" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">ONELOGIN_f92cc1834efc0f73e9c09f482fce80037a6251e7</saml:NameID>
</samlp:LogoutRequest>
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com