Forum Discussion

Gabriel_V_13146's avatar
Sep 09, 2014

SAML logout hangs on response

Hello all,

using BIG-IP v11.4.1 (Build 635.0) as a SAML IdP. Actually - we are chaining authentication between 2 IdPs. On invoking a hangup link, the user us 'hanged' on a response url (/saml/idp/profile/post/slr) with following exception in the /var/log/apm:

Sep  9 12:11:48 slot1/localhost err tmm1[8705]: 014d0002:3: SSOv2 plugin error(16) in sso/saml.c:6082
Sep  9 12:11:48 slot1/localhost err tmm2[8705]: 014d0002:3: SSOv2 plugin error(16) in sso/saml.c:6082

The posted response is a signed successful logout reply.

Any idea anyone? We are aware there are lot of fixes up to the BIGIP 11.6, however it will take time until the client can upgrade and .. even I'm not sure it's related to any of the fixed issues.

Best regards.. Gabriel

  • ok - maybe it's related to the following issue fixed in 11.5

    421796 SAML single logout (SLO) now succeeds when a SAML Service Provider (SP) session times out, the user logs in to the SAML SP again, and the user initiates SLO.
    

    seems loggging out from an IdP which delegates logout to another IdP and when returning back the session is already gone (already closed)