You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have an issue trying to log out: my identity provider uses unspecified NameId format and also requires it to be presented in the Logout Request.
As I found in the commit 4348bd7 there was added a code (LogoutRequest.php:95) to omit the unspecified NameId format:
The only solution I found is to comment this line, which in many senses is wrong.
Is there any possibility to make this NameId format omitting optional?
The text was updated successfully, but these errors were encountered:
If you set on your SP settings the NAMEID_UNSPECIFIED, that means that the SP don't know what NameID expects as well as accepting any from the IdP.
The IdP in its SAMLResponse reply, can:
Set no Format, in which case no Format in NameID on the LogoutRequest should be used (this is what was recently added to fix a issue with ADFS.
Set a Format in the NameID. In this case,the same NameID Format should be used on the LogoutRequest.
The IdP should not provide a NameID with unspecified Format, instead omit that value due its omission means that the Format is not specified.
In the same way, IdP should not reject a LogoutRequest with no Format, since that is the same than Format=unspecified.
I have an issue trying to log out: my identity provider uses unspecified NameId format and also requires it to be presented in the Logout Request.
As I found in the commit 4348bd7 there was added a code (LogoutRequest.php:95) to omit the unspecified NameId format:
The only solution I found is to comment this line, which in many senses is wrong.
Is there any possibility to make this NameId format omitting optional?
The text was updated successfully, but these errors were encountered: