MSIS7054: The SAML logout did not complete properly
628 views
Skip to first unread message
Neeraj Verma
Oct 29, 2021, 8:35:57 AM10/29/21
to SimpleSAMLphp
i have successfully implemented login for simplesamlphp on my php website . but only for logout it gives error
- Activity ID: 4b1edfc5-a1de-4687-7856-0080020000e6
- Error details: MSIS7054: The SAML logout did not complete properly.
- Node name: 8532e9ec-2411-466d-83ab-cc0365d50ac6
- Error time: Fri, 29 Oct 2021 12:25:47 GMT
- Proxy server name: Z-***06
- Cookie: enabled
- User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
This request failed.
User Action
Verify that the message issuer configuration in the AD FS configuration database is up to date.
I have my federation metadata xml file , from where i generated
saml20-idp-hosted.php
, saml20-idp-remote.php
and saml20-sp-remote.php
still same issue persists .
i tried to look into error log
it says
Session: 'default-sp' not valid because we are not authenticated.
i tried in config.php for default-sp .
'baseurlpath' => 'https://*****/simplesaml/',
'certdir' => 'cert/saml.crt',
'loggingdir' => 'log/',
'datadir' => 'data/',
'tempdir' => '/tmp/simplesaml',
and authsource.php like
'default-sp' => [
'saml:SP',
'privatekey' => 'saml.pem',
'certificate' => 'saml.crt',
'entityID' => 'https://*****/',
'idp' => 'http://auth.qa.
***** .net/adfs/services/trust',
'discoURL' => null,
'NameIDPolicy' => false,
'RelayState' => 'https://
***** /',
still same issue persists
please suggest
Peter Schober
Oct 29, 2021, 8:47:22 AM10/29/21
to SimpleSAMLphp
* Neeraj Verma <neeraj...@nablasol.com> [2021-10-29 14:36]:
> - Error details: MSIS7054: The SAML logout did not complete properly.
> - Node name: 8532e9ec-2411-466d-83ab-cc0365d50ac6
Well, that's not an error message from SimpleSAMLphp so what the
details of this are you'd have to ask the admins of the MS-ADFS system
that generated the error.
You can also trace the requests and repsonses in the web browser
e.g. using the SAML-tracer extension. Based on the actual protocol
messages it might become clear what the problem is.
E.g. SimpleSAMLphp may have issued a SAML error to the MS-ADFS IDP and
the MS-ADFS IDP is merely reporting that. Or the MS-ADFS IDP is
reporting an error of its own.
> I have my federation metadata xml file , from where i generated
>
> saml20-idp-hosted.php
> , saml20-idp-remote.php
> and saml20-sp-remote.php
>
> still same issue persists .
Since your systems is not a SAML 2.0 IDP (it's an SP and the external
MS-ADFS system is the IDP) there's no need for a saml20-idp-hosted.php
nor for saml20-sp-remote.php.
> Session: 'default-sp' not valid because we are not authenticated.
> i tried in config.php for default-sp .
And was that listed as an ERROR? Or merely as INFO?
-peter
> i have successfully implemented login for simplesamlphp on my php website .
> but only for logout it gives error
>
> - Activity ID: 4b1edfc5-a1de-4687-7856-0080020000e6
> but only for logout it gives error
>
> - Error details: MSIS7054: The SAML logout did not complete properly.
> - Node name: 8532e9ec-2411-466d-83ab-cc0365d50ac6
Well, that's not an error message from SimpleSAMLphp so what the
details of this are you'd have to ask the admins of the MS-ADFS system
that generated the error.
You can also trace the requests and repsonses in the web browser
e.g. using the SAML-tracer extension. Based on the actual protocol
messages it might become clear what the problem is.
E.g. SimpleSAMLphp may have issued a SAML error to the MS-ADFS IDP and
the MS-ADFS IDP is merely reporting that. Or the MS-ADFS IDP is
reporting an error of its own.
> I have my federation metadata xml file , from where i generated
>
> saml20-idp-hosted.php
> , saml20-idp-remote.php
> and saml20-sp-remote.php
>
> still same issue persists .
MS-ADFS system is the IDP) there's no need for a saml20-idp-hosted.php
nor for saml20-sp-remote.php.
> Session: 'default-sp' not valid because we are not authenticated.
> i tried in config.php for default-sp .
-peter
Reply all
Reply to author
Forward
0 new messages