WSO2 Identity Server 5.0-无法执行单次注销
[英]WSO2 Identity Server 5.0 - Can't perform single logout
问题描述
Whenever I perform logout in one of my service providers I always get the same error message: 
每当我在其中一个服务提供商中执行注销时,总是收到相同的错误消息:
Not a valid SAML 2.0 Request Message! 不是有效的SAML 2.0请求消息! The message was not recognized by the SAML 2.0 SSO Provider. SAML 2.0 SSO提供程序无法识别该消息。 Please check the logs for more details. 请检查日志以获取更多详细信息。
Let's take salesforce for example... I have tried configuring it with https://myidpdomain:9443/samlsso and https://myidpdomain:9443/samlsso?wa=wsignout1.0 in the "Identity Provider Logout URL" setting. 让我们以salesforce为例...我尝试在“身份提供者注销URL”设置中使用https:// myidpdomain:9443 / samlsso和https:// myidpdomain:9443 / samlsso?wa = wsignout1.0对其进行配置。
The same with zendesk... zendesk也一样...
To both these service providers I have enabled the single logout checkbox in the SAML Inbound Authentication configuration. 对于这两个服务提供商,我都启用了SAML入站身份验证配置中的单个注销复选框。
The single sign on works fine. 单点登录效果很好。
1 个解决方案
解决方案1
1 2015-09-02 11:22:35
Are you using SAML2 SSO Web browser or Passive STS ? 您正在使用SAML2 SSO Web浏览器还是被动STS? In SAML2 SSO web browser profile, you can not send wa=wsignout1.0 for logout. 在SAML2 SSO Web浏览器配置文件中,您无法发送wa=wsignout1.0进行注销。 It is not valid. 这是无效的。 Therefore above error has been generated. 因此,上面的错误已生成。 wa=wsignout1.0 is used in Passive STS profile not in SAML2 SSO. wa=wsignout1.0在“被动STS”配置文件中使用,而不在SAML2 SSO中使用。 If you are using /samlsso end point in WSO2IS, It means that your are using SAML2 SSO. 如果您在WSO2IS中使用/samlsso端点,则意味着您正在使用SAML2 SSO。 Therefore, you must send a proper logout request to the /samlsso end point. 因此,必须将正确的注销请求发送到/samlsso端点。 If you need to get more idea about SSO logout with SAML2 SSO, Please go through this . 如果您需要有关使用SAML2 SSO注销SSO的更多信息,请阅读此文章 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.