AEM SSO SAML Integration (Microsoft Azure AD) - Logout issue

srikrishnank190
Level 1

31-08-2020

We have recently integrated AEM 6.5.5 with SAML-based SSO. We are able to log in to AEM with SSO authentication, but we were unable to log out.

 

Configuration values in OSGI SAML Authentication Handler

handleLogout="true"

logoutUrl="https://login.microsoftonline.com/common/wsfederation?wa\=wsignout1.0"

and tried

logoutUrl="https://login.microsoftonline.com/<abc-xyz>/wsfederation?wa=wsignout1.0"

 

The authentication service user has Keystore configured as well.

 

When the logout request is generated from AEM, it throws the following:

srikrishnank190_0-1598940057970.png

 

Note: If we hit the logout URL directly on the browser, it works fine

 

Logs were on trace level,

*DEBUG* com.adobe.granite.auth.saml.SamlAuthenticationHandler Private key of SP not provided: Cannot sign Authn request.
*DEBUG*  com.adobe.granite.auth.saml.util.SamlReader Signature verification failed for [samlp:Response: null]. No signature.

 

Accepted Solutions (1)

aemmarc
Employee

02-09-2020

RE : com.adobe.granite.auth.saml.util.SamlReader Signature verification failed for

 

Either the Assertion or the Signature is missing from the SAMLRequest/SAMLResponse

 

Capture a HAR containing the entire network trace of the logout and base-64 decrypt the POST data to understand what is messed up. 
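The check described in the reply above, as an added example that is not part of the original thread and is not Adobe's code: it walks a parsed HAR capture, decodes every `SAMLRequest`/`SAMLResponse` parameter (Base64 for HTTP-POST, Base64 plus raw DEFLATE for HTTP-Redirect) and reports whether an Assertion and a Signature are present. It assumes the HAR keeps the form body in `postData.text`; the `sp.example`/`idp.example` hosts and the sample messages are constructed.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion"
DS = "{http://www.w3.org/2000/09/xmldsig#}Signature"

def decode_saml(value):
    """Base64-decode a SAML parameter; inflate it if it used HTTP-Redirect."""
    raw = base64.b64decode(value)
    # POST binding carries plain XML; Redirect binding carries raw DEFLATE.
    return raw if raw.lstrip().startswith(b"<") else zlib.decompress(raw, -15)

def inspect_har(har):
    """Return one finding per SAMLRequest/SAMLResponse in a parsed HAR dict."""
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        params = parse_qs(urlsplit(req["url"]).query)
        params.update(parse_qs(req.get("postData", {}).get("text", "")))
        for name in ("SAMLRequest", "SAMLResponse"):
            for value in params.get(name, []):
                root = ET.fromstring(decode_saml(value))
                findings.append({
                    "param": name,
                    "message": root.tag.split("}")[-1],
                    "has_assertion": root.find(".//" + A) is not None,
                    "message_signed": root.find(DS) is not None,
                    "assertion_signed": root.find(".//" + A + "/" + DS) is not None,
                    "query_signature": "Signature" in params,  # Redirect binding
                })
    return findings

def sample_har():
    """Constructed capture: unsigned POST Response, unsigned Redirect LogoutRequest."""
    resp = f'<samlp:Response xmlns:samlp="{P}"/>'.encode()
    lreq = f'<samlp:LogoutRequest xmlns:samlp="{P}"/>'.encode()
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(lreq) + deflater.flush()
    b64 = lambda b: quote(base64.b64encode(b).decode(), safe="")
    return {"log": {"entries": [
        {"request": {"url": "https://sp.example/saml_login",
                     "postData": {"text": "SAMLResponse=" + b64(resp)}}},
        {"request": {"url": "https://idp.example/logout?SAMLRequest=" + b64(deflated)}},
    ]}}

if __name__ == "__main__":
    for finding in inspect_har(sample_har()):
        print(finding)
```

For a real capture, load the exported file with `json.load` and pass the resulting dict to `inspect_har`.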

Answers (1)

Shashi_Mulugu
MVP

01-09-2020

@srikrishnank190 Thank you for reaching out to the Adobe Experience League Community. Can you please post your SAML configuration file here?

Have you checked the Handle Logout option in your SAML configuration? If it is working fine when we hit it directly in the browser, it should not be an issue with the IdP.