Question

Can I make a Single Logout from WSO2 Identity Server using POST not Redirect? I keep getting the following message:

No established Sessions corresponding to the Session Indexes provided

After some debugging I found out that the session index is obtained by a corresponding sessionID. This session ID is obtained from a cookie named samlssoTOkenId. The thing is that when I am sending a POST to the Identity Provider, I do not have this cookie - I can set it up manually but I do not know its value.

My questions are:

  1. Is this approach even possible - using POST not REDIRECT?
  2. Is there some configuration on the Identity Provider which will search for the session index in the request itself not using the cookie approach?
  3. Is it possible to somehow obtain the value of this session ID - when receiving the response after authentication or some other means?

Thanks in advance!

No correct solution

OTHER TIPS

With WSO2IS 4.5.0 and the latest versions, the SessionIndex attribute is returned with the SAML2 Response. Here, you need to enable the Enable Single Logout option when the service provider is registered in WSO2IS. Also, all single logout requests are handled with respect to the SessionIndex attribute, not with the "samlssoTOkenId". As I understood, it is invalid to use the cookie values as SessionIndex. But there is no way to configure POST and Redirect. I guess currently it is only supported for POST. Please find more details about the single logout implementation from here. This blog is true with the WSO2IS as well.
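
As an added example (not part of the original answer and not WSO2 code), the following Python reads the SessionIndex from the AuthnStatement of a SAML2 Response and places it in a LogoutRequest encoded for the HTTP-POST binding, so no cookie value is needed. The sample response, function names, issuer and destination are constructed placeholders; it assumes the Response signature has already been verified and leaves the LogoutRequest unsigned.

```python
import base64
import uuid
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed SAML2 Response as the SP receives it after login.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    <saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z"
        SessionIndex="constructed-session-index-1234"/>
  </saml:Assertion>
</samlp:Response>"""


def extract_session(response_xml):
    """Return (name_id, session_index); raise if the Response lacks either.

    Assumption: the caller has already validated the Response signature.
    """
    root = ET.fromstring(response_xml)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    stmt = root.find(".//saml:AuthnStatement", NS)
    if name_id is None or stmt is None or not stmt.get("SessionIndex"):
        raise ValueError("Response carries no NameID or SessionIndex")
    return name_id.text.strip(), stmt.get("SessionIndex")


def build_logout_request(issuer, destination, name_id, session_index):
    """Return the base64 SAMLRequest form value for an unsigned LogoutRequest."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    req = ET.Element(f"{{{NS['samlp']}}}LogoutRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
    })
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = issuer
    ET.SubElement(req, f"{{{NS['saml']}}}NameID").text = name_id
    # The IdP matches the session on this element, not on a browser cookie.
    ET.SubElement(req, f"{{{NS['samlp']}}}SessionIndex").text = session_index
    # HTTP-POST binding: plain base64 of the XML, no DEFLATE step.
    return base64.b64encode(ET.tostring(req)).decode("ascii")
```

The returned string is the value of the `SAMLRequest` form field that the service provider POSTs to the identity provider's SAML endpoint; the SP has to store the SessionIndex with its local session at login time so it is available at logout.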

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow