0 votes

Whenever I perform logout in one of my service providers I always get the same error message:

Not a valid SAML 2.0 Request Message! The message was not recognized by the SAML 2.0 SSO Provider. Please check the logs for more details.

Let's take Salesforce for example. I have tried configuring it with https://myidpdomain:9443/samlsso and https://myidpdomain:9443/samlsso?wa=wsignout1.0 in the "Identity Provider Logout URL" setting.

The same with Zendesk.

For both of these service providers I have enabled the Single Logout checkbox in the SAML Inbound Authentication configuration.

The single sign on works fine.

Comment (Mental Zenga): In the system logs, I see nothing.

1 Answer

1 vote

Are you using SAML2 SSO Web Browser or Passive STS? In the SAML2 SSO Web Browser profile, you cannot send wa=wsignout1.0 for logout. It is not valid; therefore the above error has been generated. wa=wsignout1.0 is used in the Passive STS profile, not in SAML2 SSO. If you are using the /samlsso endpoint in WSO2 IS, it means that you are using SAML2 SSO. Therefore, you must send a proper logout request to the /samlsso endpoint. If you need to get more of an idea about SSO logout with SAML2 SSO, please go through this.
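To make the answer concrete, here is an added example (not code from the question, the answer, or WSO2) of what a "proper logout request" to a SAML2 Web Browser SSO endpoint looks like, compared with the WS-Federation wa=wsignout1.0 parameter the questioner tried. It builds a samlp:LogoutRequest, encodes it with the HTTP-Redirect binding (raw DEFLATE, base64, URL-encode as SAMLRequest), and then decodes a URL the way an IdP's first check would, so you can see why a wa=... URL is not recognized as a SAML 2.0 message. The issuer, NameID, SessionIndex and endpoint values are placeholders; the idpdomain URL is taken from the question. The example does not sign the request; if the service provider is configured to require signed requests, the Redirect binding's SigAlg and Signature parameters must be added as well.

```python
import base64
import secrets
import urllib.parse
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Placeholder values (assumptions for this example, not real identifiers).
IDP_LOGOUT_ENDPOINT = "https://myidpdomain:9443/samlsso"
SP_ISSUER = "https://sp.example.com/saml"


def build_logout_request(issuer, name_id, session_index, destination,
                         request_id=None, issue_instant=None):
    """Return a SAML 2.0 LogoutRequest as an XML string.

    request_id and issue_instant are parameters so the output is
    reproducible in tests; by default they are freshly generated.
    """
    if request_id is None:
        # XML IDs must not start with a digit; a leading underscore is common.
        request_id = "_" + secrets.token_hex(16)
    if issue_instant is None:
        issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

    ET.register_namespace("samlp", SAMLP_NS)
    ET.register_namespace("saml", SAML_NS)
    root = ET.Element(f"{{{SAMLP_NS}}}LogoutRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": issue_instant,
        "Destination": destination,
    })
    ET.SubElement(root, f"{{{SAML_NS}}}Issuer").text = issuer
    ET.SubElement(root, f"{{{SAML_NS}}}NameID", {
        "Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    }).text = name_id
    # SessionIndex ties the logout to the session the IdP created at login.
    ET.SubElement(root, f"{{{SAMLP_NS}}}SessionIndex").text = session_index
    return ET.tostring(root, encoding="unicode")


def encode_redirect(xml_str):
    """HTTP-Redirect binding encoding: raw DEFLATE (no zlib header) + base64."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = compressor.compress(xml_str.encode("utf-8")) + compressor.flush()
    return base64.b64encode(raw).decode("ascii")


def redirect_url(idp_endpoint, xml_str, relay_state=None):
    """Build the URL the browser is sent to for a Redirect-binding logout."""
    params = {"SAMLRequest": encode_redirect(xml_str)}
    if relay_state:
        params["RelayState"] = relay_state
    return idp_endpoint + "?" + urllib.parse.urlencode(params)


def classify_logout_url(url):
    """Mimic an IdP's first check on an incoming logout URL.

    Returns the root element tag of the decoded SAMLRequest, or a short
    reason string when there is no SAML 2.0 message to decode.
    """
    params = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    if "SAMLRequest" not in params:
        if "wa" in params:
            # wa=wsignout1.0 belongs to WS-Federation (Passive STS), not SAML2.
            return "ws-federation passive parameter, not a SAML 2.0 message"
        return "no SAMLRequest parameter"
    data = base64.b64decode(params["SAMLRequest"][0])
    xml_bytes = zlib.decompress(data, -15)  # inverse of encode_redirect
    return ET.fromstring(xml_bytes).tag


if __name__ == "__main__":
    req = build_logout_request(SP_ISSUER, "alice@example.com",
                               "session-index-placeholder", IDP_LOGOUT_ENDPOINT)
    url = redirect_url(IDP_LOGOUT_ENDPOINT, req)
    print(url)
    print(classify_logout_url(url))
    print(classify_logout_url(IDP_LOGOUT_ENDPOINT + "?wa=wsignout1.0"))
```

In a real deployment the service provider library generates and (usually) signs this request; the point here is that the logout endpoint expects a SAMLRequest parameter carrying a LogoutRequest, and a bare /samlsso URL or a wa=wsignout1.0 parameter gives it nothing it can parse as SAML 2.0.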