Uploaded image for project: 'Shibboleth SP - C++'
  1. Shibboleth SP - C++
  2. SSPCPP-110

<LogoutInitiator > message not SAML2 valid

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.1
    • Component/s: SAML 2.0 Logout
    • Labels:
      None
    • Environment:
      redhat 4
    • Operating System:
      Linux
    • Web Server:
      Apache 2.0
    • CPU Type:
      x86
    • C/C++ Compiler:
      GCC 3.x

      Description

       Error message from IDP (RSA FIM) when logout .
       Message :
      Error message: Exception encountered at the top-level of the profile bean: SAMLObject.fromStream() caught exception while parsing a stream (wrapped: cvc-complex-type.2.4.a: Invalid content was found starting with element 'samlp:SessionIndex'. One of '{"http://www.w3.org/2000/09/xmldsig#":Signature, "urn:oasis:names:tc:SAML:2.0:protocol":Extensions, "urn:oasis:names:tc:SAML:2.0:assertion":BaseID, "urn:oasis:names:tc:SAML:2.0:assertion":NameID, "urn:oasis:names:tc:SAML:2.0:assertion":EncryptedID}' is expected.)

      Configuration :

      shibboleth2.xml:

      <LogoutInitiator type="Chaining" Location="/Logout" relayState="cookie">

                      <LogoutInitiator type="SAML2" template="bindingTemplate.html"/>

                      <LogoutInitiator type="Global"/>

                  </LogoutInitiator>

      Idp Metadata file :

      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://idp.athome.com/slo/request/AP" ResponseLocation=" http://idp.athome.com/slo/response/AP"></md:SingleLogoutService><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://idp.athome.com/slo/request/AP" ResponseLocation="http://idp.athome.com/slo/response/AP"></md:SingleLogoutService><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://idp.athome.com/renb" ResponseLocation="http://idp.athome.com/slo/response/AP"></md:SingleLogoutService>
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://idp.athome.com/soap/services/SAMLMessageProcessor/AP">
      </md:SingleLogoutService>

        Smart Checklist

          Attachments

            Activity

              People

              Assignee:
              scott.cantor@at.internet2.edu Scott Cantor (osu.edu)
              Reporter:
              omar_oues Omar Oueslati (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: