WSO2 Identity Server: Single Logout Not Sending to All Service Providers

I am trying to implement Single Logout using WSO2 but hit a wall.

The initiating service provider can successfully send a logout request to the IdP (WSO2) and receive a logout response. However, no other registered service providers receive an IdP exit command.

I have enabled debug-level logging for the LogoutRequestSender class via the console, and I see the following log: "LogoutReqSenderTask is assigned to thread pool".

Looking at the source code for the LogoutRequestSender class, the private "LogoutReqSenderTask" class (which implements "Runnable") should generate a debug log with the SAMLRequest value:

public void run() {
    List<NameValuePair> logoutReqParams = new ArrayList<NameValuePair>();
    // set the logout request (the encoded LogoutRequest is carried in the
    // DTO field exposed as getLogoutResponse())
    logoutReqParams.add(new BasicNameValuePair("SAMLRequest", logoutReqDTO.getLogoutResponse()));

    if (log.isDebugEnabled()) {
        try {
            // this is the debug line that should appear in the log
            log.debug("SAMLRequest : " + SAMLSSOUtil.decodeForPost(logoutReqDTO.getLogoutResponse()));
        } catch (IdentityException e) {
            log.debug(e);
        }
    }
    //...snip...
}

However, this log is never written, indicating that this code is not being executed.

The only thought I could come up with is that the "run" method throws a raw exception before it enters the first "try" of the method and therefore can never write a log (because this code uses an "ExecutorService" to queue tasks on threads, unhandled exceptions will fail silently).

Here is an example of an (anonymous) logout request that I am sending from my SP to the IdP:

<samlp:LogoutRequest 
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
    ID="S2E267375A5BFB18E3B54FE839AF43B2F84AAE1E7A" 
    Version="2.0" 
    IssueInstant="2015-05-13T20:19:41Z" 
    Destination="[SSO Server Location]">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">[Issuer name]</saml:Issuer>
    <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="[SSO Server Location]">UserName</saml:NameID>
    <samlp:SessionIndex xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">d1b98786-f9d7-45dd-9712-a63f8f64cb02</samlp:SessionIndex>
</samlp:LogoutRequest>


What am I doing wrong here?

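The hypothesis in the question, that a task queued on an ExecutorService can die before its first try/catch without leaving anything in the log, is easy to reproduce. The following is an added illustration, not code from WSO2 Identity Server or from the poster: LogoutTask is a hypothetical stand-in shaped like LogoutReqSenderTask (decode the SAMLRequest value, then log it inside a try), the LogoutRequest XML is constructed for the example, and "not base64!" is simply a value that makes the decoder throw before the debug line is reached.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;

/**
 * Added illustration (not WSO2 code): a task that throws before its first
 * try/catch can vanish without a trace when queued on an ExecutorService.
 */
public class SilentTaskFailureDemo {

    /** Constructed stand-in for the SAMLRequest payload that the task decodes. */
    static final String LOGOUT_REQUEST_XML =
            "<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" "
            + "ID=\"_example\" Version=\"2.0\" IssueInstant=\"2015-05-13T20:19:41Z\">"
            + "<samlp:SessionIndex>d1b98786-f9d7-45dd-9712-a63f8f64cb02</samlp:SessionIndex>"
            + "</samlp:LogoutRequest>";

    /** Hypothetical task modelled on the shape of LogoutReqSenderTask. */
    static final class LogoutTask implements Runnable {
        private final String samlRequestB64;

        LogoutTask(String samlRequestB64) {
            this.samlRequestB64 = samlRequestB64;
        }

        @Override
        public void run() {
            // Decoding happens before any try/catch. A malformed value throws
            // IllegalArgumentException here, so the debug line below is never reached.
            byte[] decoded = Base64.getDecoder().decode(samlRequestB64);
            try {
                System.out.println("SAMLRequest : " + new String(decoded, StandardCharsets.UTF_8));
            } catch (RuntimeException e) {
                System.out.println("failed to log request: " + e);
            }
        }
    }

    /** Wraps a Runnable so an escaping exception is reported where it happens. */
    static Runnable logged(Runnable task) {
        return () -> {
            try {
                task.run();
            } catch (Throwable t) {
                System.err.println("task " + task + " failed: " + t);
                throw t; // precise rethrow: still visible to callers using Future.get()
            }
        };
    }

    public static void main(String[] args) throws InterruptedException {
        ExecutorService pool = Executors.newFixedThreadPool(2);
        String good = Base64.getEncoder()
                .encodeToString(LOGOUT_REQUEST_XML.getBytes(StandardCharsets.UTF_8));
        String bad = "not base64!"; // not valid Base64: decode() throws

        // submit(): the exception is stored in the Future and nothing is
        // logged anywhere unless somebody calls get().
        Future<?> f = pool.submit(new LogoutTask(bad));
        try {
            f.get();
        } catch (ExecutionException e) {
            System.out.println("submit() captured: " + e.getCause());
        }

        // execute(): the exception reaches the worker thread's
        // UncaughtExceptionHandler (default: stack trace on stderr) and the
        // pool quietly replaces the dead worker and carries on.
        pool.execute(new LogoutTask(bad));

        // Wrapped task: the failure is logged at the point it happens.
        pool.execute(logged(new LogoutTask(bad)));

        // Valid input reaches the debug line.
        pool.execute(new LogoutTask(good));

        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
    }
}
```

Run it with `javac SilentTaskFailureDemo.java && java SilentTaskFailureDemo`. The practical check when debugging the real sender is the same as in the wrapper: confirm whether the task is handed to the pool with submit() or execute(), and if it is submit(), look for whether the returned Future is ever inspected, because a task whose exception is captured in an unread Future produces exactly the symptom described, a "assigned to thread pool" message with no "SAMLRequest :" line after it.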