Hi Kanapriya,

In the above case, in the session map what do you have? What we should be
storing is the Session Id even though the log says ContextId. Should the
log be modified?

1750291c-611b-4305-9fbc-40ba183d5878 --> 9b8245d49407465772c9d25fef729bef3d00f07902b1c9d74d7795074557351d

Is it?

thanks,
Dimuthu

On Fri, Jan 19, 2018 at 2:04 PM, Kanapriya Kuleswararajan <
[email protected]> wrote:

> Hi Malithi,
>
> I have set the session as a cookie in the wrapped servlet request [1]. Now, it
> resolves the above mentioned error when I initiated a logout request from
> FIDP (avis.com). But with that also I couldn't log out the SP and I
> observed the following debug log in the console.
>
> [2018-01-19 13:27:12,126] ERROR {org.wso2.carbon.identity.application.authenticator.samlsso.SAML2FederatedLogoutRequestHandler} - Recieved sessionIndex **************1750291c-611b-4305-9fbc-40ba183d5878
> [2018-01-19 13:27:12,127] ERROR {org.wso2.carbon.identity.application.authenticator.samlsso.SAML2FederatedLogoutRequestHandler} -  *Recieved ContextId ************** 9b8245d49407465772c9d25fef729bef3d00f07902b1c9d74d7795074557351d*
> [2018-01-19 13:27:12,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} -  Initializing the flow
> [2018-01-19 13:27:12,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} -  Framework contextId: c694dedf-6893-4960-addb-9e5b5e1e6cad
> [2018-01-19 13:27:12,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} -  Starting a logout flow
> [2018-01-19 13:27:12,128] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} -  Outbound Query String: sessionDataKey=c694dedf-6893-4960-addb-9e5b5e1e6cad&relyingParty=travelocity.com&type=samlsso&sp=travelocity.com&isSaaSApp=false
> [2018-01-19 13:27:12,130] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultLogoutRequestHandler} -  Sending response back to: http://localhost:8080/travelocity.com/home.jsp...
> commonAuthLoggedOut : true
> sessionDataKey: null
>
>
> @Dimuthu: I have checked the IS cookie in the browser, but it's not the same
> as the cookie that I store in the map against the sessionIndex. Please find
> the screenshot below:
>
> [image: Inline image 1]
>
> [1] https://github.com/Kanapriya/saml-sso-outbound/blob/master/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAML2FederatedLogoutRequestHandler.java#L137
>
> Am I missing anything? How can I proceed with this further?
>
> Thanks,
> Kanapriya
>
>
> Kanapriya Kuleswararajan
> Software Engineer
> Mobile : - 0774894438
> Mail : - [email protected]
> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
> WSO2, Inc.
> lean . enterprise . middleware
>
>
> On Fri, Jan 19, 2018 at 8:27 AM, Dimuthu Leelarathne <[email protected]>
> wrote:
>
>> Hi Kanapriya,
>>
>> Also, please check whether the IS cookie in the browser and the
>> cookie you store in the map against the sessionIndex have the same value.
>>
>> thanks,
>> Dimuthu
>>
>>
>> On Fri, Jan 19, 2018 at 7:15 AM, Malithi Edirisinghe <[email protected]>
>> wrote:
>>
>>> You have to set the session as a cookie in the wrapped servlet request.
>>> Otherwise the framework will not pick the session with respect to this flow.
>>>
>>> On Fri, Jan 19, 2018 at 12:22 AM, Kanapriya Kuleswararajan <
>>> [email protected]> wrote:
>>>
>>>> Hi Malithi,
>>>>
>>>> Thanks for the suggestion. I wrapped the relevant parameters which are
>>>> mentioned in the following endpoint [1] as per the off-line discussion and
>>>> directly invoked the Java API [2] instead of forwarding the wrapper object to
>>>> the common auth endpoint. Now I got a different error [3].
>>>>
>>>> [1]
>>>> */commonauth?commonAuthLogout=true&type={type}&commonAuthCallerPath={some-url}&relyingParty={sp-name}*
>>>>
>>>> [2] https://github.com/Kanapriya/saml-sso-outbound/blob/master/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAML2FederatedLogoutRequestHandler.java#L131
>>>>
>>>> [3]
>>>>
>>>> [2018-01-19 00:10:36,771] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} -  retrieving authentication request from cache..
>>>> [2018-01-19 00:10:36,772] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} -  Exception in Authentication Framework
>>>> org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException: Invalid authentication request. Session data key : 23b80283629e8b46fff6978874f46cf34664c78abd168d9d47dff7031dffde7e
>>>>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:111)
>>>>     at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
>>>>     at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.SAML2FederatedLogoutRequestHandler.initiateLogRequest(SAML2FederatedLogoutRequestHandler.java:139)
>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.SAML2FederatedLogoutRequestHandler.doPost(SAML2FederatedLogoutRequestHandler.java:82)
>>>>
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se
>>>> rvice(ContextPathServletAdaptor.java:37)
>>>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
>>>> n.service(ServletRegistration.java:61)
>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
>>>> ssAlias(ProxyServlet.java:128)
>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
>>>> ce(ProxyServlet.java:60)
>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
>>>> (DelegationServlet.java:68)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>> lter(ApplicationFilterChain.java:303)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>> licationFilterChain.java:208)
>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilte
>>>> r.java:52)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>> lter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>> licationFilterChain.java:208)
>>>>     at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter
>>>> .java:72)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>> lter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>> licationFilterChain.java:208)
>>>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilte
>>>> r(CharacterSetFilter.java:65)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>> lter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>> licationFilterChain.java:208)
>>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte
>>>> r(HttpHeaderSecurityFilter.java:124)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>> lter(ApplicationFilterChain.java:241)
>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>> licationFilterChain.java:208)
>>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>>> dWrapperValve.java:219)
>>>>     at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>>> dContextValve.java:110)
>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>>> uthenticatorBase.java:506)
>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>> stValve.java:169)
>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>> rtValve.java:103)
>>>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContext
>>>> RewriteValve.invoke(TenantContextRewriteValve.java:80)
>>>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invo
>>>> ke(AuthorizationValve.java:91)
>>>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invo
>>>> ke(AuthenticationValve.java:60)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInv
>>>> ocation(CompositeValve.java:99)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke
>>>> (CarbonTomcatValve.java:47)
>>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(Tena
>>>> ntLazyLoaderValve.java:57)
>>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invok
>>>> eValves(TomcatValveContainer.java:47)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(Comp
>>>> ositeValve.java:62)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetection
>>>> Valve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa
>>>> lve.java:962)
>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.
>>>> invoke(CarbonContextCreatorValve.java:57)
>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>> EngineValve.java:116)
>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>> apter.java:445)
>>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs
>>>> tractHttp11Processor.java:1115)
>>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler
>>>> .process(AbstractProtocol.java:637)
>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>> (NioEndpoint.java:1775)
>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(N
>>>> ioEndpoint.java:1734)
>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>> Executor.java:1142)
>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>> lExecutor.java:617)
>>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>> un(TaskThread.java:61)
>>>>     at java.lang.Thread.run(Thread.java:745)
>>>>
>>>> Appreciate your input on this.
>>>>
>>>> Thanks,
>>>> Kanapriya
>>>>
>>>> Kanapriya Kuleswararajan
>>>> Software Engineer
>>>> Mobile : - 0774894438
>>>> Mail : - [email protected]
>>>> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>>>> WSO2, Inc.
>>>> lean . enterprise . middleware
>>>>
>>>>
>>>> On Thu, Jan 18, 2018 at 10:31 PM, Malithi Edirisinghe <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi Kanapriya,
>>>>>
>>>>> So seems you have dispatched back to the servlet transport. With this
>>>>> you won't be able to respond back to the federated IdP as the response is
>>>>> committed. Instead, follow the approach at [1]. There you wrap request and
>>>>> response and directly invoke the Java API, which will return the request
>>>>> and response handled by the servlet endpoint. Then you can verify and
>>>>> respond back to the federated IdP.
>>>>>
>>>>> [1] https://github.com/wso2-extensions/identity-inbound-auth-saml/blob/5.3.x/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java#L1219
>>>>>
>>>>> Thanks,
>>>>> Malithi.
>>>>>
>>>>> On Thu, Jan 18, 2018 at 7:29 PM, Kanapriya Kuleswararajan <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Please find the error log below :
>>>>>>
>>>>>> ERROR {org.apache.catalina.core.ApplicationDispatcher} - Servlet.service() for servlet bridgeservlet threw exception
>>>>>> java.lang.StringIndexOutOfBoundsException: String index out of range: -1
>>>>>>     at java.lang.String.substring(String.java:1967)
>>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:70)
>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
>>>>>> (DelegationServlet.java:68)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:303)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilte
>>>>>> r.java:52)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.invoke(Applic
>>>>>> ationDispatcher.java:743)
>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.processReques
>>>>>> t(ApplicationDispatcher.java:485)
>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.doForward(App
>>>>>> licationDispatcher.java:410)
>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.forward(Appli
>>>>>> cationDispatcher.java:337)
>>>>>>     at org.eclipse.equinox.http.servlet.internal.RequestDispatcherA
>>>>>> daptor.forward(RequestDispatcherAdaptor.java:30)
>>>>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$Re
>>>>>> questDispatcherAdaptor.forward(ContextPathServletAdaptor.java:362)
>>>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.S
>>>>>> AML2FederatedLogoutRequestHandler.initiateLogRequest(SAML2Fe
>>>>>> deratedLogoutRequestHandler.java:136)
>>>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.S
>>>>>> AML2FederatedLogoutRequestHandler.doPost(SAML2FederatedLogou
>>>>>> tRequestHandler.java:79)
>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se
>>>>>> rvice(ContextPathServletAdaptor.java:37)
>>>>>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
>>>>>> n.service(ServletRegistration.java:61)
>>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
>>>>>> ssAlias(ProxyServlet.java:128)
>>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
>>>>>> ce(ProxyServlet.java:60)
>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
>>>>>> (DelegationServlet.java:68)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:303)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilte
>>>>>> r.java:52)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter
>>>>>> .java:72)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilte
>>>>>> r(CharacterSetFilter.java:65)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte
>>>>>> r(HttpHeaderSecurityFilter.java:124)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>>>>> dWrapperValve.java:219)
>>>>>>     at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>>>>> dContextValve.java:110)
>>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>>>>> uthenticatorBase.java:506)
>>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>>>> stValve.java:169)
>>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>>>> rtValve.java:103)
>>>>>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContext
>>>>>> RewriteValve.invoke(TenantContextRewriteValve.java:80)
>>>>>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invo
>>>>>> ke(AuthorizationValve.java:91)
>>>>>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invo
>>>>>> ke(AuthenticationValve.java:60)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInv
>>>>>> ocation(CompositeValve.java:99)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke
>>>>>> (CarbonTomcatValve.java:47)
>>>>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(Tena
>>>>>> ntLazyLoaderValve.java:57)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invok
>>>>>> eValves(TomcatValveContainer.java:47)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(Comp
>>>>>> ositeValve.java:62)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetection
>>>>>> Valve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa
>>>>>> lve.java:962)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.
>>>>>> invoke(CarbonContextCreatorValve.java:57)
>>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>>>> EngineValve.java:116)
>>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>>>> apter.java:445)
>>>>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs
>>>>>> tractHttp11Processor.java:1115)
>>>>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler
>>>>>> .process(AbstractProtocol.java:637)
>>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>>>> (NioEndpoint.java:1775)
>>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(N
>>>>>> ioEndpoint.java:1734)
>>>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>>>> Executor.java:1142)
>>>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>>>> lExecutor.java:617)
>>>>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>>>> un(TaskThread.java:61)
>>>>>>     at java.lang.Thread.run(Thread.java:745)
>>>>>>
>>>>>> Thanks,
>>>>>> Kanapriya
>>>>>>
>>>>>> Kanapriya Kuleswararajan
>>>>>> Software Engineer
>>>>>> Mobile : - 0774894438
>>>>>> Mail : - [email protected]
>>>>>> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>>>>>> WSO2, Inc.
>>>>>> lean . enterprise . middleware
>>>>>>
>>>>>>
>>>>>> On Thu, Jan 18, 2018 at 7:27 PM, Kanapriya Kuleswararajan <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>>
>>>>>>>>> b) - At number 5 in the diagram, i.e. when the logout request is
>>>>>>>>> received, we wrap the request and response and send them over to our
>>>>>>>>> common-auth servlet. Here, before invoking the common-auth servlet, we
>>>>>>>>> will retrieve the session Id from the map (using the SAML Session Index)
>>>>>>>>> and set it in the wrapper object.
>>>>>>>>>
>>>>>>>>
>>>>>>>> Request which forwards to the commonauth endpoint will have a
>>>>>>>> format similar to following,
>>>>>>>>
>>>>>>>> */commonauth?commonAuthLogout=true&type={type}&commonAuthCallerPath={some-url}&relyingParty={sp-name}*
>>>>>>>> NOTE: Need to verify whether relyingParty parameter is required or
>>>>>>>> not.
>>>>>>>>
>>>>>>>> After logout from the framework, the saml-sso outbound
>>>>>>>> component will verify the response and will build a valid SAML2 logout
>>>>>>>> response and send back to the federated IdP.
>>>>>>>>
>>>>>>>
>>>>>>> I have created a Servlet endpoint [1] to access the SAML logout request
>>>>>>> from the FIDP and registered this Servlet as a service [2]. Here, I get the
>>>>>>> session id using the session index, set it inside the wrapper object and
>>>>>>> forward that to the commonauth endpoint. When I sent a logout request from
>>>>>>> the FIDP, the FIDP is logged out but the SP is not getting logged out even
>>>>>>> though we sent the sessionID to invalidate the session, and I observe the
>>>>>>> error [1] at the back end.
>>>>>>>
>>>>>>> Is there anything I need to do more than this?
>>>>>>>
>>>>>>> [1] https://github.com/Kanapriya/saml-sso-outbound/blob/master/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAML2FederatedLogoutRequestHandler.java
>>>>>>>
>>>>>>> [2] https://github.com/Kanapriya/saml-sso-outbound/blob/master/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/internal/SAMLSSOAuthenticatorServiceComponent.java#L74
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Kanapriya
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>> @Thanuja and Malithi: Please add anything that I have missed. And
>>>>>>>>> also appreciate code snippets for above (a) and (b).
>>>>>>>>>
>>>>>>>>> After the POC implementation, we will have another review.
>>>>>>>>>
>>>>>>>>> thank you,
>>>>>>>>> Dimuthu
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Dimuthu Leelarathne
>>>>>>>>> Director, Solutions Architecture
>>>>>>>>>
>>>>>>>>> WSO2, Inc. (http://wso2.com)
>>>>>>>>> email: [email protected]
>>>>>>>>> Mobile: +94773661935
>>>>>>>>> Blog: http://muthulee.blogspot.com
>>>>>>>>>
>>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>>>
>>>>>>>>
>>>>>>>> [1] - https://github.com/wso2/carbon-identity-framework/blob/5.11.x/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java#L1258
>>>>>>>>
>>>>>>>> [2] - https://github.com/wso2/carbon-identity-framework/blob/5.11.x/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AuthenticationDataPublisher.java
>>>>>>>>
>>>>>>>> [3] - https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.captcha/src/main/java/org/wso2/carbon/identity/captcha/validator/FailLoginAttemptValidator.java
>>>>>>>>
>>>>>>>> [4] - https://github.com/wso2/carbon-identity-framework/blob/5.11.x/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/model/CommonAuthRequestWrapper.java
>>>>>>>>
>>>>>>>> [5] - https://github.com/wso2/carbon-identity-framework/blob/5.11.x/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/model/CommonAuthResponseWrapper.java
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Thanuja
>>>>>>>> --
>>>>>>>> *Thanuja Lakmal*
>>>>>>>> Associate Technical Lead
>>>>>>>> WSO2 Inc. http://wso2.com/
>>>>>>>> *lean.enterprise.middleware*
>>>>>>>> Mobile: +94715979891
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Malithi Edirisinghe*
>>>>> Associate Technical Lead
>>>>> WSO2 Inc.
>>>>>
>>>>> Mobile : +94 (0) 718176807
>>>>> [email protected]
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *Malithi Edirisinghe*
>>> Associate Technical Lead
>>> WSO2 Inc.
>>>
>>> Mobile : +94 (0) 718176807
>>> [email protected]
>>>
>>
>>
>>
>> --
>> Dimuthu Leelarathne
>> Director, Solutions Architecture
>>
>> WSO2, Inc. (http://wso2.com)
>> email: [email protected]
>> Mobile: +94773661935
>> Blog: http://muthulee.blogspot.com
>>
>> Lean . Enterprise . Middleware
>>
>
>


-- 
Dimuthu Leelarathne
Director, Solutions Architecture

WSO2, Inc. (http://wso2.com)
email: [email protected]
Mobile: +94773661935
Blog: http://muthulee.blogspot.com

Lean . Enterprise . Middleware
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
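
The lookup discussed in this thread (SAML SessionIndex to local session id at logout, then a comparison of the stored value with the browser's cookie), as an added example that is not code from the thread or from the linked repositories. It assumes the stored value may be either the raw cookie value or its SHA-256 hex digest; the class, method and enum names and the cookie value are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; names are hypothetical, not taken from saml-sso-outbound.
public class SessionIndexStore {

    // How a value stored in the map relates to the cookie the browser holds.
    enum Relation { RAW_COOKIE, SHA256_OF_COOKIE, UNRELATED }

    // SAML SessionIndex issued by the federated IdP -> local session identifier.
    private final Map<String, String> sessionIdByIndex = new ConcurrentHashMap<>();

    // Called at login, once the federated IdP's assertion has been accepted.
    void remember(String sessionIndex, String localSessionId) {
        sessionIdByIndex.put(sessionIndex, localSessionId);
    }

    // Called when a LogoutRequest arrives. The entry is removed on lookup so
    // the same SessionIndex cannot resolve to a session a second time.
    Optional<String> resolveForLogout(String sessionIndex) {
        return Optional.ofNullable(sessionIdByIndex.remove(sessionIndex));
    }

    static String sha256Hex(String value) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(value.getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    // Constant-time comparison, since both inputs are session secrets.
    private static boolean sameValue(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                b.getBytes(StandardCharsets.UTF_8));
    }

    // Diagnostic for "the browser cookie is not the same as the stored value".
    static Relation relate(String browserCookie, String storedValue) {
        if (sameValue(browserCookie, storedValue)) {
            return Relation.RAW_COOKIE;
        }
        if (sameValue(sha256Hex(browserCookie), storedValue)) {
            return Relation.SHA256_OF_COOKIE;
        }
        return Relation.UNRELATED;
    }

    public static void main(String[] args) {
        // SessionIndex copied from the log in this thread.
        String sessionIndex = "1750291c-611b-4305-9fbc-40ba183d5878";
        // Constructed sample cookie value; the real one is only in the screenshot.
        String browserCookie = "constructed-cookie-value-0001";

        SessionIndexStore store = new SessionIndexStore();
        // Assumption for this run: the map holds the digest, not the raw cookie.
        store.remember(sessionIndex, sha256Hex(browserCookie));

        String stored = store.resolveForLogout(sessionIndex)
                .orElseThrow(IllegalStateException::new);
        System.out.println("stored vs browser cookie: " + relate(browserCookie, stored));
        System.out.println("second lookup resolves: "
                + store.resolveForLogout(sessionIndex).isPresent());
    }
}
```

If `relate` reports `UNRELATED` for the real values, the map was populated from a different session than the one the browser carries, which is the case the cookie check in this thread is meant to rule out.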
