spid-saml-check
SingleLogoutService flow not correct!!
Hello,
there seems to be a problem in the logout flow with two SPs and a single metadata on https://demo.spid.gov.it/
We have two SPs and a single metadata in which two SingleLogoutService elements are defined: the first is SP A and the second is SP B. The problem occurs at logout time.
We have SP A and SP B
The entityID is https://spid.ordineingegneri.genova.it
SP B makes the logout request; this is what happens:
SP B → IDP
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_d5d33e126819c99c46e98b3d9b732f22"
    IssueInstant="2021-11-24T14:00:01Z"
    Version="2.0"
    Destination="SPID Validator 1">
  <saml:Issuer NameQualifier="https://spid.ordineingegneri.genova.it" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://spid.ordineingegneri.genova.it</saml:Issuer>
  <saml:NameID NameQualifier="SPID Validator 1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">SPID Validator 1</saml:NameID>
  <samlp:SessionIndex>_d80abd01-6472-4fe5-a4c6-40bf2d5fa05f</samlp:SessionIndex>
</samlp:LogoutRequest>
IDP → SP A
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_d5d33e126819c99c46e98b3d9b732f22"
    IssueInstant="2021-11-24T14:00:01Z"
    Version="2.0"
    Destination="SPID Validator 1">
  <saml:Issuer NameQualifier="https://spid.ordineingegneri.genova.it" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://spid.ordineingegneri.genova.it</saml:Issuer>
  <saml:NameID NameQualifier="SPID Validator 1" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">SPID Validator 1</saml:NameID>
  <samlp:SessionIndex>_d80abd01-6472-4fe5-a4c6-40bf2d5fa05f</samlp:SessionIndex>
</samlp:LogoutRequest>
SP A → IDP
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_6ec700ea-bf8b-46ac-9e22-cb5a005282f9"
    Version="2.0"
    IssueInstant="2021-11-24T14:00:03Z"
    Destination="https://spid.ordineingegneri.genova.it/ordineingegnerigenova/module.php/saml/sp/saml2-logout.php/service 1"
    InResponseTo="_d5d33e126819c99c46e98b3d9b732f22">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" NameQualifier="SPID Validator 1">SPID Validator 1</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
</samlp:LogoutResponse>
IDP → SP A
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_6ec700ea-bf8b-46ac-9e22-cb5a005282f9"
    Version="2.0"
    IssueInstant="2021-11-24T14:00:03Z"
    Destination="https://spid.ordineingegneri.genova.it/ordineingegnerigenova/module.php/saml/sp/saml2-logout.php/service 1"
    InResponseTo="_d5d33e126819c99c46e98b3d9b732f22">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" NameQualifier="SPID Validator 1">SPID Validator 1</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
</samlp:LogoutResponse>
End: the logout takes place on SP A
What could the problem be? Thanks to anyone who replies