Missing RelayState in logout response
185 views
Skip to first unread message
jspauldi55
Jun 2, 2015, 2:44:19 PM6/2/15
to simple...@googlegroups.com
Hello colleagues,
I have setup simplsamlphp as an SP, with the IDP being a third party vendor. The issue I am having is when I perform SP initiated single log out, logout fails and simplesamlphp reports the error message "Missing RelayState in logout response". After running a Fiddler trace, I see that my SP is sending a SAMLRequest with a "RelayState" value="_lkasjd92lksjlkd0fje4334kjdcmkdlejlmfsdli3qd" to the IDP and the IDP responds with a SAMLResponce but no RelayState. It appears that the IDP is not able to process special HTML characters, the underscore "_", in the RealyState value sent from my SP. Is anyone aware of a way that I can remove or modify the underscore character that is present in the RelayState value that the simplesamlphp SP is sending with the SAML logout request? Thank you for your help!
jspauldi55
Jul 22, 2015, 10:58:03 AM7/22/15
to simpleSAMLphp
Hello Everyone,
I am still running into this issue where my IDP is unable to return the "RelayState" value to my SimpleSAML SP in the SLO SAMLResponce. Has anyone found a way to disable "RelayState" in the SP initiated logout in SimpleSAML or a workaround for this type of issue? Thank you!
Peter Schober
Jul 22, 2015, 11:24:04 AM7/22/15
to simple...@googlegroups.com
* jspauldi55 <jspau...@gmail.com> [2015-06-02 20:44]:
the spec myself) then the IDP is required to return the RelayState
sent to it verbatim.
So make sure the spec says so and then approach the vendor of that IDP
software.
> It appears that the IDP is not able to process special HTML
> characters, the underscore "_", in the RealyState value sent from my
> SP.
How is an underscore a "special HTML character"?
It certainly has no special meaning in SGML/XML, not in SAML, not in
HTTP request parameters or most other protocols.
-peter
> I have setup simplsamlphp as an SP, with the IDP being a third party
> vendor. The issue I am having is when I perform SP initiated single log
> out, logout fails and simplesamlphp reports the error message "Missing
> RelayState in logout response". After running a Fiddler trace, I see that
> my SP is sending a SAMLRequest with a "RelayState"
> value="_lkasjd92lksjlkd0fje4334kjdcmkdlejlmfsdli3qd" to the IDP and the IDP
> responds with a SAMLResponce but no RelayState.
If SAML SLO is defined like SSO in this regard (I'd have to look at
> vendor. The issue I am having is when I perform SP initiated single log
> out, logout fails and simplesamlphp reports the error message "Missing
> RelayState in logout response". After running a Fiddler trace, I see that
> my SP is sending a SAMLRequest with a "RelayState"
> value="_lkasjd92lksjlkd0fje4334kjdcmkdlejlmfsdli3qd" to the IDP and the IDP
> responds with a SAMLResponce but no RelayState.
the spec myself) then the IDP is required to return the RelayState
sent to it verbatim.
So make sure the spec says so and then approach the vendor of that IDP
software.
> It appears that the IDP is not able to process special HTML
> characters, the underscore "_", in the RealyState value sent from my
> SP.
It certainly has no special meaning in SGML/XML, not in SAML, not in
HTTP request parameters or most other protocols.
-peter
Reply all
Reply to author
Forward
0 new messages