SAML-Toolkits / python3-saml

Okta SAML SLO Response status received as "Authnfailed" #290

Closed saravanan-subbu closed 1 year ago

saravanan-subbu commented 2 years ago

Okta SSO works fine, but when I try to do SLO with the Okta IdP I am getting the logout response status "Authnfailed". Then I looked at the system logs in Okta to find the actual error that was captured in Okta. In the system logs it is showing as a signature failure. I uploaded the SP public certificate while configuring the SLO in Okta. Could you please help me to solve this issue?

Does this package support SLO with Okta?

SAML SLO Request:

<samlp:LogoutRequest Destination="https:///app/_samlssocamp_1/exk2uilu5wAGKGOhZ5d7/slo/saml" ID="ONELOGIN_8d664c70c1392a4a80ba2706e5f8839c54c037ac" IssueInstant="2021-12-16T08:44:16Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

http://172.16.2.163/camp ONELOGIN_50e74a54de4db06e9358d64180f36f3baae12cc9

SAML SLO Response:

<?xml version="1.0" encoding="UTF-8"?> <saml2p:LogoutResponse Destination="http:///camp/auth/slo?org=org-id" ID="id10241621890420073867561907" InResponseTo="ONELOGIN_8d664c70c1392a4a80ba2706e5f8839c54c037ac" IssueInstant="2021-12-16T09:01:38.692Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://www.okta.com/exk2uilu5wAGKGOhZ5d7</saml2:Issuer>

pitbulk commented 2 years ago

Okta Single Logout implementation uses HTTP-POST, but this toolkit supports HTTP-Redirect.

saravanan-subbu commented 2 years ago

> Okta Single Logout implementation uses HTTP-POST, but this toolkit supports HTTP-Redirect.

Does this library support SSO and SLO for the OneLogin IdP?

pitbulk commented 2 years ago

> Does this library support SSO and SLO for the OneLogin IdP?

Yes
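The binding mismatch named in the thread (HTTP-POST versus HTTP-Redirect) changes both how a logout message is encoded and where its signature is carried. The sketch below is an added example, not code from the thread or from python3-saml: it decodes a message under either binding and reports where the signature sits, without verifying it. The function names and the sample messages are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_saml_message(value, binding):
    """Return the XML bytes carried in a SAMLRequest/SAMLResponse parameter."""
    raw = base64.b64decode(value)
    if binding == "HTTP-Redirect":
        raw = zlib.decompress(raw, -15)  # raw DEFLATE, no zlib header
    if b"<!DOCTYPE" in raw:
        raise ValueError("DTD not allowed in a SAML message")
    return raw

def inspect_slo_message(http_method, params):
    """Report the binding of an incoming SLO message and where its signature is."""
    binding = "HTTP-POST" if http_method.upper() == "POST" else "HTTP-Redirect"
    field = "SAMLResponse" if "SAMLResponse" in params else "SAMLRequest"
    root = ET.fromstring(decode_saml_message(params[field], binding))
    status = root.find(".//{%s}StatusCode" % SAMLP_NS)
    if binding == "HTTP-Redirect" and "Signature" in params:
        where = "query-string"   # detached: SigAlg + Signature parameters
    elif root.find("{%s}Signature" % DSIG_NS) is not None:
        where = "enveloped-xml"  # ds:Signature child of the message element
    else:
        where = "none"
    return {"binding": binding, "message": root.tag.split("}")[1],
            "in_response_to": root.get("InResponseTo"),
            "status": status.get("Value") if status is not None else None,
            "signature": where}

def _sample(signature_xml=""):
    # Constructed LogoutResponse, not the message from the issue.
    return ('<samlp:LogoutResponse xmlns:samlp="{p}" xmlns:ds="{d}" ID="_r1" '
            'InResponseTo="ONELOGIN_example" Version="2.0">{s}<samlp:Status>'
            '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
            '</samlp:Status></samlp:LogoutResponse>'
            ).format(p=SAMLP_NS, d=DSIG_NS, s=signature_xml).encode()

def post_form():  # what an HTTP-POST binding delivers in the form body
    return {"SAMLResponse": base64.b64encode(_sample("<ds:Signature/>")).decode()}
def redirect_query():  # what an HTTP-Redirect binding delivers in the URL
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    body = deflater.compress(_sample()) + deflater.flush()
    return {"SAMLResponse": base64.b64encode(body).decode(),
            "SigAlg": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
            "Signature": "constructed-placeholder"}
```

Calling `inspect_slo_message("POST", post_form())` and `inspect_slo_message("GET", redirect_query())` shows the same LogoutResponse arriving with an enveloped signature in one case and a query-string signature in the other, which is why each side must be configured for the binding the other actually uses.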