List: shibboleth-users
Subject: integrating Shibboleth SP 2 with ADFS, log out issue
From: "Vu, Kien" <kien () brightcookie ! com ! au>
Date: 2013-03-24 23:39:53
Message-ID: CAD=-YqN2JV7WyxSjhjgUqPAzzgetz2=wsRBgn-A6DcHxETUe0A () mail ! gmail ! com
Hi everyone,

We are having a log-out issue when integrating Shibboleth SP 2 with ADFS. The
log-in is working fine, but when I log out of the Shibboleth SP 2, the ADFS is
not logged out.

Can someone please help me with this issue?

This is our Shibboleth config file:

<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
    xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    clockSkew="180">

    <OutOfProcess>
        <Extensions>
            <Library path="/usr/lib64/shibboleth/adfs.so" fatal="true"/>
        </Extensions>
    </OutOfProcess>
    <InProcess>
        <Extensions>
            <Library path="/usr/lib64/shibboleth/adfs-lite.so" fatal="true"/>
        </Extensions>
    </InProcess>

        <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
                  checkAddress="false" handlerSSL="false"
                  cookieProps="http">

            <SSO entityID="http://xxxxx/adfs/services/trust">
                SAML2 SAML1 ADFS
            </SSO>

            <!-- SAML and local-only logout. -->
            <Logout>SAML2 ADFS Local</Logout>
            <!-- <LogoutInitiator type="Chaining" Location="/Logout"
                 relayState="cookie">
                <LogoutInitiator type="SAML2"/>
                <LogoutInitiator type="Local"/>
            </LogoutInitiator> -->

            <Handler type="MetadataGenerator" Location="/Metadata"
                     signing="false"/>

            <!-- Status reporting service. -->
            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>

            <!-- Session diagnostic service. -->
            <Handler type="Session" Location="/Session"
                     showAttributeValues="false"/>

            <!-- JSON feed of discovery information. -->
            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
        </Sessions>

        <Errors supportContact="xxxx"
                helpLocation="/about.html"
                styleSheet="/shibboleth-sp/main.css"/>

        <Notify
            Channel="back"
            Location="https://xxxxx/auth/shibboleth/logout.php" />

        <MetadataProvider type="XML"
            uri="https://xxxx/FederationMetadata/2007-06/FederationMetadata.xml"
            backingFilePath="/etc/shibboleth/editedFederationMetadata.xml"
            reloadInterval="180000" />

        <!-- Map to extract attributes from SAML assertions. -->
        <AttributeExtractor type="XML" validate="true"
                            reloadChanges="false" path="attribute-map.xml"/>

        <!-- Use a SAML query if no attributes are supplied during SSO. -->
        <AttributeResolver type="Query" subjectMatch="true"/>

        <!-- Default filtering policy for recognized attributes, lets other
             data pass. -->
        <AttributeFilter type="XML" validate="true"
                         path="attribute-policy.xml"/>

        <!-- Simple file-based resolver for using a single keypair. -->
        <CredentialResolver type="File"
                            key="/etc/pki/tls/private/xxxx.key"
                            certificate="/etc/pki/tls/certs/xxxx.crt"/>

    </ApplicationDefaults>

    <!-- Policies that determine how to process and authenticate runtime
         messages. -->
    <SecurityPolicyProvider type="XML" validate="true"
                            path="security-policy.xml"/>

    <!-- Low-level configuration about protocols and bindings available for
         use. -->
    <ProtocolProvider type="XML" validate="true" reloadChanges="false"
                      path="protocols.xml"/>

</SPConfig>

Many thanks,
Kien