WSO2 Identity Server: Single Logout Not Sending to All Service Providers
I am trying to implement Single Logout using WSO2 but hit a wall.
The initiating service provider can successfully send a logout request to the IdP (WSO2) and receive a logout response. However, no other registered service providers receive an IdP exit command.
I have enabled debug-level logging for the LogoutRequestSender class via the console, and I see the following log: "LogoutReqSenderTask is assigned to thread pool".
Looking at the source code for the LogoutRequestSender class, the private "LogoutReqSenderTask" class (which implements "Runnable") should generate a debug log with the SAMLRequest value:
    public void run() {
        List<NameValuePair> logoutReqParams = new ArrayList<NameValuePair>();
        // set the logout request
        logoutReqParams.add(new BasicNameValuePair("SAMLRequest", logoutReqDTO.getLogoutResponse()));
        if (log.isDebugEnabled()) {
            try {
                log.debug("SAMLRequest : " + SAMLSSOUtil.decodeForPost(logoutReqDTO.getLogoutResponse()));
            } catch (IdentityException e) {
                log.debug(e);
            }
        }
        //...snip...
    }
However, this log is never written, indicating that this code is not being executed.
The only thought I could come up with is that the "run" method runs into a raw exception before it enters the first "try" of the method and therefore can never write a log (because this code uses "ExecutorService" to queue threads, unhandled exceptions will fail).
Here is an example of an (anonymous) logout request that I am sending from my SP to the IdP:
    <samlp:LogoutRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        ID="S2E267375A5BFB18E3B54FE839AF43B2F84AAE1E7A"
        Version="2.0"
        IssueInstant="2015-05-13T20:19:41Z"
        Destination="[SSO Server Location]">
        <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">[Issuer name]</saml:Issuer>
        <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="[SSO Server Location]">UserName</saml:NameID>
        <samlp:SessionIndex xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">d1b98786-f9d7-45dd-9712-a63f8f64cb02</samlp:SessionIndex>
    </samlp:LogoutRequest>
What am I doing wrong here?
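The hypothesis in the question (a task that fails inside an ExecutorService without leaving any log) can be reproduced with the added example below, which is not part of the original post and is not WSO2 code. It assumes the task is handed to the pool with submit(); FailingTask and LoggingRunnable are hypothetical names standing in for LogoutReqSenderTask and a diagnostic wrapper.

```java
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;

public class SilentTaskFailureDemo {

    // Hypothetical stand-in for LogoutReqSenderTask: fails before any log call.
    static class FailingTask implements Runnable {
        @Override
        public void run() {
            throw new IllegalStateException("constructed failure before first log statement");
        }
    }

    // Diagnostic wrapper: reports whatever the delegate throws, Errors included.
    static class LoggingRunnable implements Runnable {
        private final Runnable delegate;
        LoggingRunnable(Runnable delegate) { this.delegate = delegate; }
        @Override
        public void run() {
            try {
                delegate.run();
            } catch (RuntimeException | Error e) {
                System.err.println("Task failed: " + e);
                throw e;
            }
        }
    }

    public static void main(String[] args) throws InterruptedException {
        ExecutorService pool = Executors.newFixedThreadPool(2);

        // submit() stores the exception in the Future; nothing is printed or logged.
        Future<?> silent = pool.submit(new FailingTask());

        // Only get() surfaces it, wrapped in an ExecutionException.
        try {
            silent.get();
        } catch (ExecutionException e) {
            System.err.println("Recovered from Future: " + e.getCause());
        }

        // The wrapped task reports the failure even if nobody reads the Future.
        pool.submit(new LoggingRunnable(new FailingTask()));

        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
    }
}
```

Catching Error as well as RuntimeException matters here, because a missing class or linkage problem on the pool thread would otherwise vanish in the same way.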