Hi all,
As I posted in the simpleSAMLphp user forum, I have trouble logging out with WAAD ACS. (https://groups.google.com/d/msg/simplesamlphp/SCYph2ABDNg/ILsQHAYDz54J)
The Logout signature is signed in the URL:
https://login.windows.net/MYUID/saml2?SAMLRequest=MYSAMLREQ&RelayState=MYRELAYSTATE&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=MYSIG
Microsoft's answer is now:
Sign out
Sorry, but we're having trouble signing you out.
We are unable to verify this sign-out request. If you wish to sign-out, you may ignore this error and continue.
Additional technical information:
Trace ID: 3d3ba7f5-218a-4da4-a597-ab677c4ed3ee
Timestamp: 2014-01-07 15:12:46Z
ACS75017: No signature verification credentials found to verify the logout request's signature.
and when I click to continue I get this new message:
Sign out
Sorry, but we're having trouble signing you out.
Additional technical information:
Trace ID: 3a23b0fa-e253-40b7-b4c9-26f9093676a8
Timestamp: 2014-01-07 15:49:46Z
ACS75015: Saml relying party's logout endpoint Url is required to process the LogoutRequest.
I checked my SP metadata at
https://MYSITE/simplesaml/module.php/saml/sp/metadata.php/azure-ad
and I have the following logout section in the metadata:
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://MYSITE/simplesaml/module.php/saml/sp/saml2-logout.php/azure-ad"/>
as well as the certificate embedded.
Any idea?
Thanks
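
For anyone debugging a signed HTTP-Redirect logout URL like the one in this post, here is an added example (not part of the original post and not simpleSAMLphp code) that decodes the SAMLRequest and rebuilds the exact byte string the Signature parameter covers under the SAML 2.0 redirect binding. The sample URL is constructed from the post's placeholders; the Issuer value, NameID and request ID in it are assumptions.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote, urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def raw_params(url):
    """Query parameters with their percent-encoding left exactly as sent."""
    return dict(pair.partition("=")[::2] for pair in urlsplit(url).query.split("&"))

def signed_octets(url):
    """Bytes the signature covers: SAMLRequest, RelayState (if sent), SigAlg."""
    p = raw_params(url)
    keys = [k for k in ("SAMLRequest", "RelayState", "SigAlg") if k in p]
    return "&".join(f"{k}={p[k]}" for k in keys).encode("ascii")

def decode_request(url):
    """Undo URL-encoding, base64 and raw DEFLATE, then summarise the message."""
    p = raw_params(url)
    raw = base64.b64decode(unquote(p["SAMLRequest"]))
    xml = zlib.decompressobj(-15).decompress(raw, 1 << 20)  # cap inflated size
    if b"<!DOCTYPE" in xml:  # refuse DTDs before handing data to the parser
        raise ValueError("DTD not allowed in SAML message")
    root = ET.fromstring(xml)
    return {"type": root.tag.split("}")[1],
            "issuer": root.findtext("saml:Issuer", namespaces=NS),
            "destination": root.get("Destination"),
            "sig_alg": unquote(p.get("SigAlg", "")),
            "has_signature": bool(p.get("Signature"))}

def sample_url():
    """Constructed sample LogoutRequest; all identifiers are placeholders."""
    xml = ('<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
           'Version="2.0" IssueInstant="2014-01-07T15:12:46Z" '
           'Destination="https://login.windows.net/MYUID/saml2">'
           '<saml:Issuer>https://MYSITE/simplesaml/module.php/saml/sp/metadata.php/azure-ad'
           '</saml:Issuer><saml:NameID>constructed-user</saml:NameID></samlp:LogoutRequest>')
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    req = base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()
    return ("https://login.windows.net/MYUID/saml2?SAMLRequest=" + quote(req, safe="")
            + "&RelayState=" + quote("https://MYSITE/", safe="")
            + "&SigAlg=" + quote("http://www.w3.org/2000/09/xmldsig#rsa-sha1", safe="")
            + "&Signature=MYSIG")

if __name__ == "__main__":
    print(decode_request(sample_url()))
    print(signed_octets(sample_url()))
```

The decoded Issuer and Destination can be compared with the entity ID and endpoints registered on the identity provider side, and `signed_octets` shows that the signature covers the still-encoded parameter values, not the decoded XML.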