WSO2 IS Single Logout partially working

Question

I am testing SAML SSO using WSO2 Identity Server 5.0.0 with two PHP application instances as service providers (using onelogin phpsaml). I managed to make the single sign on to

Answer 1

WSO2 IS works with strong assumptions that servers could see and talk to each other. This way it tries to be polite and sends the logout requests on back channel (server-to-server without user involvement). As the response the SP should send back a valid logout response. The WSO2 IS currently checks only the HTTP status code (200).

SimpleSAMLphp works with user browsers (and assuming the requests are coming from the user) and after receiving the logout request it tries to redirect the user back to IDP with the SAML Response using Redirect-binding. It's issuing HTTP 302 response.

Try to configure the SimpleSAMLphp to use POST binding for logout (in saml20-idp-remote.php). Still - SimpleSAMLphp it may try to redirect the user before returning the form with logout response and WSO2 IS will not follow the redirects.

Gabriel