
'Invalid Session Participant' on SLO request despite the sessionIndex having the same value as in the authentication response

Open bazfer opened this issue 3 years ago • 1 comments

Hello, I'm struggling to debug this issue. In short:

  • In the SSO response from the IDP a sessionIndex is included in the XML

<saml:AuthnStatement AuthnInstant="2022-08-02T16:41:33.293Z" SessionIndex="475112335">

  • In the SLO request the sessionIndex provided and logged is the same as in the auth response mentioned above

Processing SAML SLO request for participant => 
 {
  serviceProviderId: **redacted**,
  sessionIndex: '475112335',
  nameId: '[email protected]',
  nameIdFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
  serviceProviderLogoutURL: 'http://localhost:3000/users/saml/idp_sign_out'
 }

  • SLO fails due to this issue

Any pointers as to what could be wrong would be greatly appreciated.

bazfer avatar Aug 02 '22 16:08 bazfer

I ran into this issue as well. In my case, it was because I was restarting the saml-idp server between sign in and sign out, and it doesn’t persist sessions.

leafac avatar Apr 08 '23 10:04 leafac
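
A minimal model of the failure described in the reply above, as an added example that is not part of the original thread and not saml-idp's own code: `ParticipantStore`, `handleLogout` and the sample values are hypothetical. It shows a logout request with a matching sessionIndex being rejected after a restart when participants live only in memory, and accepted when they are persisted.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hypothetical model of an IdP's session-participant registry.
class ParticipantStore {
  // file === null models an in-memory-only store; a path models a persisted one.
  constructor(file = null) {
    this.file = file;
    this.sessions = file && fs.existsSync(file)
      ? JSON.parse(fs.readFileSync(file, 'utf8'))
      : [];
  }
  // Called when the SSO response (with its SessionIndex) is issued.
  register(participant) {
    this.sessions.push(participant);
    if (this.file) fs.writeFileSync(this.file, JSON.stringify(this.sessions));
  }
  find({ serviceProviderId, sessionIndex, nameId }) {
    return this.sessions.find(s =>
      s.serviceProviderId === serviceProviderId &&
      s.sessionIndex === sessionIndex &&
      s.nameId === nameId) || null;
  }
}

// The request values can be correct and the lookup still fails if this
// process never recorded, or has forgotten, the session.
function handleLogout(store, request) {
  return store.find(request) ? 'Success' : 'Invalid Session Participant';
}

// Constructed sample values; sessionIndex matches the one quoted in the issue.
const participant = {
  serviceProviderId: 'urn:example:sp',
  sessionIndex: '475112335',
  nameId: 'user@example.test',
};

// Sign in, simulate a restart by building a fresh store, then sign out.
function signInRestartSignOut(file) {
  new ParticipantStore(file).register(participant);
  const afterRestart = new ParticipantStore(file); // new process: state rebuilt
  return handleLogout(afterRestart, participant);
}

function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'idp-'));
  const file = path.join(dir, 'sessions.json');
  return { inMemory: signInRestartSignOut(null), persisted: signInRestartSignOut(file) };
}
console.log(demo());
```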