ADFS 2.0 SAML logout

Time: 2016-04-14 15:07:54

Tags: saml adfs

This is the SAML logout request sent from my SP to the IdP. I get no errors, but when I try to log back in to my SP it still has my IdP cookie/session. Can someone explain what I am doing wrong with SAML logout?

<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                  ID="_47a182d3-2a7b-46e0-9461-22c636e00b96"
                  Version="2.0"
                  Destination="https://auth.catalystapi.com/adfs/ls"
                  IssueInstant="2016-04-14T10:47:51Z"
                  >
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:7443/</saml2:Issuer>
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
             Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
             >msmith@catalystapi.com</saml:NameID>
<saml2p:SessionIndex>_f28d3fca-b2d6-4912-adf9-a9dde4565f0b</saml2p:SessionIndex>
</saml2p:LogoutRequest>

<samlp:LogoutResponse ID="_d726a1e0-5863-4722-be66-e3109afa9cb8"
                  Version="2.0"
                  IssueInstant="2016-04-14T14:48:14.152Z"
                  Destination="https://auth.catalystapi.com/adfs/ls/?wa=wsignout1.0"
                  Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
                  InResponseTo="_47a182d3-2a7b-46e0-9461-22c636e00b96"
                  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  >
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://auth.CatalystApi.com/adfs/services/trust</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <ds:Reference URI="#_d726a1e0-5863-4722-be66-e3109afa9cb8">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>HXwA60Qo/Xnq9elhhPJVuiSsbbQ=</ds:DigestValue>
        </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>ekxYz56VU37Vv9RZsZQMFS6f3whrXCSS0iiiT1NTPQ0FPipNXGxpynmFqcxFdXt7d2/nodbo5rijW4Nwr8BcuDrH9HQ2GCjuD5h/tR5VLuVC00nOXxYp9hKM5veN7ReE+yN00oMsGcTCcaX5VHcckD/FvFxQRBGF2xhn6+eCwqGGmun7TwgLQS/fpNV8a/5D6F5tXJ2+tdmv3L+ubBC1u1tWYqcFqnGxJ8vp/mwnupiRjUU5QuyVk7wcOyBd2fJezJbGGTFQlWCa/NLLwIFleQdUkiyDPVuaPaZQPvqDXOF/WajJyZ2a4+q970CXcWeTOPEeYlXkDgFtnkT7fwgBMQ==</ds:SignatureValue>
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
            <ds:X509Certificate>...</ds:X509Certificate>
        </ds:X509Data>
    </KeyInfo>
</ds:Signature>
<samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
</samlp:LogoutResponse>

1 answer:

Answer 0 (score: 0)

The LogoutRequest/LogoutResponse message exchange tells the IdP (ADFS) that it should terminate its session. The SP is responsible for terminating its own session itself. That is typically done by wiping the auth cookie at the same time the redirect/POST carrying the LogoutRequest is returned to the browser.
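The SP-side sequence the answer describes, as an added example that is not code from the question, the answer or ADFS: the SP builds a LogoutRequest for the IdP session, sends it over the HTTP-Redirect binding and, in that same HTTP response, expires its own session cookie; when the IdP's LogoutResponse arrives, the SP checks that it answers an outstanding request and reports Success before treating the logout as finished. The entity IDs, endpoint URLs, cookie name and sample response below are constructed for the example, and signature verification of the response is left out (a real SP verifies the IdP's XML signature before trusting any field).

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse
from xml.sax.saxutils import escape

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed configuration (assumed values, not taken from the question).
SP_ENTITY_ID = "https://sp.example.test/"
SP_SLO_URL = "https://sp.example.test/saml/slo"
IDP_SLO_URL = "https://idp.example.test/adfs/ls"
SESSION_COOKIE = "sp_session"

# LogoutRequest IDs sent and not yet answered (in-memory for the example).
PENDING_LOGOUTS = {}


def build_logout_request(name_id, session_index, request_id=None, issue_instant=None):
    """Return (request_id, xml) for a LogoutRequest naming the IdP session to end."""
    request_id = request_id or "_" + str(uuid.uuid4())
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SLO_URL}">'
        f"<saml:Issuer>{escape(SP_ENTITY_ID)}</saml:Issuer>"
        f'<saml:NameID Format="{NAMEID_EMAIL}">{escape(name_id)}</saml:NameID>'
        f"<samlp:SessionIndex>{escape(session_index)}</samlp:SessionIndex>"
        "</samlp:LogoutRequest>"
    )
    PENDING_LOGOUTS[request_id] = session_index
    return request_id, xml


def encode_redirect_binding(xml, relay_state=None):
    """HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode as SAMLRequest."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw deflate, no zlib header
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    return IDP_SLO_URL + "?" + urlencode(params)


def decode_redirect_binding(url):
    """Inverse of encode_redirect_binding: recover the XML from the redirect URL."""
    value = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")


def start_logout_response(redirect_url):
    """HTTP status and headers the SP returns to the browser to begin logout.

    The redirect to the IdP and the expiry of the SP's own session cookie
    travel in the same response, which is the point made in the answer."""
    headers = [
        ("Location", redirect_url),
        ("Set-Cookie", f"{SESSION_COOKIE}=; Max-Age=0; Path=/; Secure; HttpOnly"),
        ("Cache-Control", "no-store"),
    ]
    return 302, headers


def validate_logout_response(xml):
    """Return a list of problems with an incoming LogoutResponse (empty means accept).

    Signature verification is not shown here; verify it before trusting these fields."""
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}LogoutResponse":
        return ["not a LogoutResponse"]
    problems = []
    if root.get("Destination") != SP_SLO_URL:
        problems.append("Destination is not this SP's SLO endpoint")
    in_response_to = root.get("InResponseTo")
    if in_response_to not in PENDING_LOGOUTS:
        problems.append("InResponseTo does not match an outstanding LogoutRequest")
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is None or code.get("Value") != STATUS_SUCCESS:
        problems.append("status is not Success")
    if not problems:
        PENDING_LOGOUTS.pop(in_response_to)  # accept each response only once
    return problems


def sample_logout_response(in_response_to, status=STATUS_SUCCESS):
    """Constructed, unsigned stand-in for the LogoutResponse the IdP sends back."""
    return (
        f'<samlp:LogoutResponse xmlns:samlp="{SAMLP}" ID="_{uuid.uuid4()}" Version="2.0" '
        f'IssueInstant="2016-04-14T14:48:14Z" Destination="{SP_SLO_URL}" '
        f'InResponseTo="{in_response_to}">'
        f'<samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>'
        "</samlp:LogoutResponse>"
    )


if __name__ == "__main__":
    rid, req = build_logout_request("user@example.test", "_session-1")
    print(start_logout_response(encode_redirect_binding(req)))
    print(validate_logout_response(sample_logout_response(rid)))
```

In a real SP the `PENDING_LOGOUTS` map lives in server-side storage, the cookie expiry is accompanied by deleting the matching server-side session, and a LogoutResponse that fails any of the checks (or whose signature does not verify) should still leave the local session dead: the SP's own logout never depends on the IdP answering.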