Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-5917

IdP proxy in a subrealm is unable to send SLO response to the remote SP

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 12.0.0, 13.0.0
    • Fix Version/s: 11.0.4, 12.0.3, 13.0.0
    • Component/s: SAML
    • Sprint:
      Sprint 81 - Sustaining
    • Support Ticket IDs:

      Description

      Steps to reproduce:

      • Set up an IdP Proxy deployment, but make sure that at the idp proxy node everything is defined in a subrealm.
      • Perform a SAML login using SP initiated SSO for example
      • Try to perform an SP initiated SLO from the remote SP

      It looks like the IDPProxyUtil always tries to retrieve the remote SP's metadata from the top level realm and hence the SLO procedure fails.

        Attachments

          Activity

            People

            • Assignee:
              markdr Mark de Reeper
              Reporter:
              abel.hoxeng Abel Hoxeng
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 6h
                6h
                Remaining:
                Time Spent - 1h Remaining Estimate - 3h
                3h
                Logged:
                Time Spent - 1h Remaining Estimate - 3h Time Not Required
                1h