当用户被迫从onelogin IDP注销时,不会调用服务提供者的SLS端点。
我使用onelogin对我的应用程序的用户进行身份验证。SSO部分工作正常;但是,当我使用onelogin用户管理页面强制注销用户时,我没有看到向我的服务提供者SLS端点发出的任何请求。我是不是错过了打开SLO的配置?
这是我的onelogin配置:
严格=假onelogin.saml2.debug .saml2.deb= true onelogin.saml2.sp.entityid = https://localhost/zk onelogin.saml2.sp.assertion_consumer_service.url = https://localhost/zk/acs onelogin.saml2.sp.assertion_consumer_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST onelogin.saml2.sp.single_logout_service.url = https://localhost/zk/slo onelogin.saml2.sp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress = onelogin.saml2.sp.nameidformat onelogin.saml2.sp.x509cert = #cert提供 onelogin.saml2.idp.entityid = #url提供 onelogin.saml2.idp.single_sign_on_service.url = #url提供 onelogin.saml2.idp.single_sign_on_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect onelogin.saml2.idp.single_logout_service.url = #url提供 onelogin.saml2.idp.single_logout_service.response.url = #url提供 onelogin.saml2.idp.single_logout_service.binding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect onelogin.saml2.idp.x509cert = #cert提供 onelogin.saml2.security.nameid_encrypted = false onelogin.saml2.security.authnrequest_signed = false onelogin.saml2.security.logoutrequest_signed = false onelogin.saml2.security.logoutresponse_signed = false onelogin.saml2.security.want_messages_signed = false onelogin.saml2.security.want_assertions_signed = false onelogin.saml2.security.sign_metadata = onelogin.saml2.security.want_assertions_encrypted = false onelogin.saml2.security.want_nameid_encrypted = false onelogin.saml2.security.requested_authncontext = urn:oasis:names:tc:SAML:2.0:ac:classes:Password onelogin.saml2.security.onelogin.saml2.security.requested_authncontextcomparison =精确 onelogin.saml2.security.want_xml_validation = false onelogin.saml2.security.signature_algorithm = http://www.w3.org/2000/09/xmldsig#rsa-sha1 onelogin.saml2.organization.name = SP onelogin.saml2.organization.displayname = SP示例onelogin.saml2.organization.url = http://sp.example.com onelogin.saml2.organization.lang = 技术人员onelogin.saml2.contacts.technical.email_address = technical@example.com onelogin.saml2.contacts.support.given_name = Support Guy onelogin.saml2.contacts.support.email_address = support@@example.com
回答 1
Stack Overflow用户
发布于 2019-06-21 16:43:17
在回答我自己的问题时,我忘记了我正在本地主机上运行测试服务提供程序,因此onelogin不能将SLO resp发送到SP
https://stackoverflow.com/questions/56706496
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号