Liberty OP configured with SAML IdP, logout at OP is not propagated to the IdP #18177
Comments
@teddyjtorres, please take a look.
@arunavemulapalli Can you look at this?
There is a problem on the Liberty side, and this is a missing function where we need to integrate our Liberty OIDC OP RP Login > OP authorize > SAML SP login with IdP - (we can protect the OP ‘authorize’ request with SAML and then redirect the request to IdP to complete the authentication - this flow works and customers/stack products/w3 id using this already) However,
I should have mentioned this - it does not matter what the forceAuthn setting is. SAML SP (or OP) is NOT initiating the SAML single logout (SLO) requests when RP is logging out.
Sent a test fix to Shubjit and he verified it in his test environment.
We finally got the changes verified in the client's environment (they verified the test fix built on the Liberty 20.0.0.6 level) and the fix is working. I will go ahead with the code delivery.
Thank you for the fix @arunavemulapalli,
Describe the bug
We have configured our ELM applications (RP) with Liberty OP which is further delegated to a SAML IDP.
https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-configuring-saml-web-browser-sso-in
In this case we have issues with application logout, which was solved by adding the attribute spLogout="true" in the samlWebSso20 configuration.
To achieve SSO between our applications configured with Liberty OP and other applications configured with the SAML IDP, we have set the value forceAuthn="false" within the samlWebSso20 config.
When we set forceAuthn="false", the SSO between Liberty OP and other applications connected to the SAML IDP works, but then the logout is not working.
Steps to Reproduce
https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-configuring-saml-web-browser-sso-in
Expected behavior
Logout should work with the forceAuthn="false" parameter.
Diagnostic information:
java -version
Additional context
Add any other context about the problem here.