it seems to be that the "SessionIndex" that is sent via in the SAML logout response is not valid. Expected: [56293095-95e4-4379-a723-3e1e6b4c939a]
IDP seems to be expecting some thing else. I guess what you can do is, Please tract the SAML response from IDP --> SP. (when login). In that request, you can find the "SessionIndex" and verify you are sending same "SessionIndex" in the logout request. For more details you can refer this
Single Logout on WSO2 Identity Server 4.5
-
04-08-2022 - |
Question
Since WSO2 official SSOAgent has too many dependencies, I've developed my sso filter to handle SAML request/response. When I migrate to IS 4.5, SSO seems all right, but single logout doesn't work anymore. After posting logout request, I keep getting redirect page with all null parameters(form action=null, SAMLResponse=null, relayStates=null), and get redirected to console login page instead of my app, thus I can't do my logout.
My SAMLRequest seems like:
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://is-dev.com:9443/samlsso" ID="ebdokpbchiddgikaolkibeifeccocjcajdgbjokd" IssueInstant="2013-11-23T21:38:45.487Z" NotOnOrAfter="2013-11-23T21:43:45.487Z" Reason="Single Logout">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">sample</saml2:Issuer>
<saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">DOMAIN.COM/jack@domain.com</saml2:NameID>
<saml2p:SessionIndex>3fdf4df7-4b0a-4c20-8fe2-01701c78161f</saml2p:SessionIndex>
</saml2p:LogoutRequest>
I don't see anything wront whith it. And i keep getting such ERROR from backend:
ERROR {org.wso2.carbon.identity.sso.saml.processors.LogoutRequestProcessor} - 28adcd7b-ad16-43b7-b57b-6defb3a33fda]. Expected: [56293095-95e4-4379-a723-3e1e6b4c939a] {org.wso2.carbon.identity.sso.saml.processors.LogoutRequestProcessor}
Anyone knows if it's relavant?
Solution