问题
I am attempting to use SP-initiated SLO with SalesForce (trying Redirect and POST) with the following LogoutRequest:
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1583fa34b3e9426ba5885849204d6f8d" Version="2.0" IssueInstant="2017-11-14T18:42:25Z" Destination="https://myorg-dev-ed.my.salesforce.com/services/auth/idp/saml2/logout">
<saml:Issuer>myorg</saml:Issuer>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">me@myorg</saml:NameID>
</samlp:LogoutRequest>
I am using my SP entity ID for Issuer. I also tried using it for NameID SPNameQualifier. My Redirect and POST logic work for AuthnRequest. This SLO is working with OneLogin.
The error I get back is:
We are unable to log you out. Please contact your administrator for more information.
I can not find any relevant log entries.
回答1:
Which tool are you using to generate the XML? Add the tag SessionIndex, which you can get from the login.
来源:https://stackoverflow.com/questions/47293940/sp-initiated-single-logout-not-working-with-salesforce