single sign on - How to implement SAML logout to ADFS with OpenSAML?
I created a logout request using the OpenSAML library and added a signature:
    <samlp:LogoutRequest ID="_f576971e-5123-49e4-8152-80653dcdfb1a" IssueInstant="2015-07-23T15:21:42.254Z" Reason="urn:oasis:names:tc:saml:2.0:logout:user" Version="2.0" xmlns:samlp="urn:oasis:names:tc:saml:2.0:protocol">
        <samlp:Issuer xmlns:samlp="urn:oasis:names:tc:saml:2.0:assertion">https://my_host/logout</samlp:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <ds:Reference URI="#_f576971e-5123-49e4-8152-80653dcdfb1a">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <ds:DigestValue/>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue/>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIC...</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:NameID Format="urn:oasis:names:tc:saml:1.1:nameid-format:unspecified" xmlns:saml2="urn:oasis:names:tc:saml:2.0:assertion">_933c8876-9128-431f-b250-08975fde2a24</saml2:NameID>
        <saml2p:SessionIndex xmlns:saml2p="urn:oasis:names:tc:saml:2.0:protocol">8ee4bf85-6792-42f5-b038-a3342a0e0e17</saml2p:SessionIndex>
    </samlp:LogoutRequest>
I encoded it and sent it to the ADFS server URL:
    https://adfs_host/adfs/ls/signout.aspx?SAMLRequest=nvbbk...
But I got an error from ADFS:
    The Federation Service encountered an error while processing the SAML authentication request.
    Additional Data
    Exception details:
    System.Xml.XmlException: MSIS0018: The SAML protocol message cannot be read because it contains data that is not valid. ---> System.InvalidOperationException: There is no corresponding start element open.
       at System.Xml.XmlBaseReader.ReadEndElement()
       at Microsoft.IdentityModel.Protocols.XmlSignature.SignedInfo.ReadFrom(XmlDictionaryReader reader, TransformFactory transformFactory)
       at Microsoft.IdentityModel.Protocols.XmlSignature.Signature.ReadFrom(XmlDictionaryReader reader)
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader.ReadSignature()
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureReader.TryReadSignature()
       at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonElements(XmlReader reader, SamlMessage message)
       --- End of inner exception stack trace ---
       at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonElements(XmlReader reader, SamlMessage message)
       at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadLogoutRequest(XmlReader reader)
       at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadSamlMessage(XmlReader reader, NamespaceContext context)
       at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String encodedSamlMessage)
       at Microsoft.IdentityServer.Protocols.Saml.Contract.SamlContractUtility.CreateSamlMessage(MSISSamlBindingMessage message)
       at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Logout(HttpSamlMessage logoutMessage, String sessionState, String logoutState, Boolean partialLogout, Boolean isUrlTranslationNeeded, HttpSamlMessage& newLogoutMessage, String& newSessionState, String& newLogoutState, Boolean& validLogoutRequest)
I can't find any information about this problem.
Any ideas?
ADFS 6.3.0.0 on S2012R2 :-). I needed to take it into an executable; I didn't want it on the wrong server. The exception says there is something wrong with the signature. That is true: the digest and signature values are missing.
No offense, but a warning. It looks a bit as if you are trying to write this yourself. If so, realize that it is a really serious amount of work, and it requires a major maintenance effort. Signatures are the trickiest part, so steer away from that course if you can. Think in months of learning and work....
At first glimpse there seem to be other issues with the request. Discussing them all is a lot of work.... I suggest you at least take a look at the XML produced by an implementation that comes off the shelf (Kantara certified is better), and make sure you have the same attributes and elements.
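To make the answer's diagnosis concrete, here is a small structural lint for a LogoutRequest, added as an example and not part of the question or the answer. It is plain-Python (stdlib ElementTree, no OpenSAML) and catches the two things the answer points at before a request ever reaches ADFS: a `ds:DigestValue` and `ds:SignatureValue` left empty (the signature object was attached but the signing step, in OpenSAML 2 the `Signer.signObject(...)` call after marshalling, never ran), and a `ds:Reference` URI that does not point at the request's own ID. It also flags an enveloped `ds:Signature` when the message is going out over the HTTP-Redirect binding (a `SAMLRequest` query parameter, as in the question), because that binding carries the signature in the `SigAlg` and `Signature` query parameters and the deflated XML itself must not contain `ds:Signature`. The sample request, the `my_host` issuer and the placeholder certificate are constructed for the example; they mirror the shape of the request in the question, including its defect.

```python
"""Structural lint for a SAML 2.0 LogoutRequest before it is sent to an IdP."""
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:saml:2.0:protocol"
SAML = "urn:oasis:names:tc:saml:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample with the same defect as the request in the question:
# a ds:Signature element whose DigestValue and SignatureValue are empty.
# The certificate is a placeholder, not a real key.
SAMPLE_REQUEST = """<samlp:LogoutRequest ID="_f576971e-5123-49e4-8152-80653dcdfb1a"
    IssueInstant="2015-07-23T15:21:42.254Z" Version="2.0"
    Reason="urn:oasis:names:tc:saml:2.0:logout:user"
    xmlns:samlp="urn:oasis:names:tc:saml:2.0:protocol">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:saml:2.0:assertion">https://my_host/logout</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_f576971e-5123-49e4-8152-80653dcdfb1a">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue/>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue/>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <saml:NameID xmlns:saml="urn:oasis:names:tc:saml:2.0:assertion"
      Format="urn:oasis:names:tc:saml:1.1:nameid-format:unspecified">_933c8876-9128-431f-b250-08975fde2a24</saml:NameID>
  <samlp:SessionIndex>8ee4bf85-6792-42f5-b038-a3342a0e0e17</samlp:SessionIndex>
</samlp:LogoutRequest>"""


def lint_logout_request(xml_text, binding="redirect"):
    """Return a list of problems found; an empty list means the request is structurally sound.

    binding: "redirect" for HTTP-Redirect (signature belongs in the query string),
             "post" for HTTP-POST (enveloped XML signature is expected).
    """
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        return [f"root element is {root.tag}, expected samlp:LogoutRequest"]

    req_id = root.get("ID")
    if not req_id:
        problems.append("missing ID attribute on LogoutRequest")
    if root.get("Version") != "2.0":
        problems.append("Version attribute must be 2.0")
    if root.find(f"{{{SAML}}}Issuer") is None:
        problems.append("missing saml:Issuer (must be in the assertion namespace)")
    if root.find(f"{{{SAML}}}NameID") is None and root.find(f"{{{SAML}}}EncryptedID") is None:
        problems.append("missing saml:NameID or saml:EncryptedID")

    sig = root.find(f"{{{DS}}}Signature")
    if sig is None:
        if binding == "post":
            problems.append("HTTP-POST binding: no enveloped ds:Signature present")
        return problems

    if binding == "redirect":
        problems.append("enveloped ds:Signature present, but the HTTP-Redirect binding carries the "
                        "signature in the SigAlg/Signature query parameters; remove it from the XML")

    ref = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if ref is None:
        problems.append("ds:Reference missing from ds:SignedInfo")
    else:
        uri = ref.get("URI", "")
        if req_id and uri != f"#{req_id}":
            problems.append(f"ds:Reference URI {uri!r} does not point at the request ID")
        digest = ref.findtext(f"{{{DS}}}DigestValue") or ""
        if not digest.strip():
            problems.append("ds:DigestValue is empty: the document was never actually signed")

    sig_value = sig.findtext(f"{{{DS}}}SignatureValue") or ""
    if not sig_value.strip():
        problems.append("ds:SignatureValue is empty: the document was never actually signed")
    return problems


if __name__ == "__main__":
    for problem in lint_logout_request(SAMPLE_REQUEST, binding="redirect"):
        print("-", problem)
```

Run on the sample with `binding="redirect"` it reports three problems (signature in the wrong place, empty digest, empty signature value); with `binding="post"` only the two empty values remain, which is exactly what ADFS's `EnvelopedSignatureReader` choked on. The lint is structural only: it does not verify the signature, so a request that passes it still has to be checked cryptographically by the IdP.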