italia / cie-aspnetcore

AspNetCore Remote Authenticator for CIE 3.0
https://github.com/danielegiallonardo/cie-aspnetcore
MIT License
17 stars 4 forks source link

NullReferenceException during signout-cie #5

Closed marco-maroni-spot-software closed 9 months ago

marco-maroni-spot-software commented 2 years ago

Hello, during sign-out in the test/pre-production environment I get this exception from the "CIE.AspNetCore.Authentication" library: "Object reference not set to an instance of an object."

This is the call stack:

      Object reference not set to an instance of an object.
         at CIE.AspNetCore.Authentication.CieHandler.ValidateSignOutResponse(LogoutResponseType response, LogoutRequestType request)
         at CIE.AspNetCore.Authentication.CieHandler.HandleRemoteSignOutAsync()
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)

What could the possible causes be?

Thanks

danielegiallonardo commented 2 years ago

It depends on the response that is sent to you during testing; it is probably malformed or something is missing. For example, demo.spid does not send the signature (it is a known issue) on the sign-out response.

marco-maroni-spot-software commented 2 years ago

The error occurs with the Poligrafico's test/pre-production environment, so I would expect a compliant response. But, as you rightly say, Demo Spid should be correct too, and yet it isn't.

danielegiallonardo commented 2 years ago

Can you intercept the Response you receive and verify that it is compliant?

marco-maroni-spot-software commented 2 years ago

The Response is this:

Request finished HTTP/2 GET https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pVJBbtswEPyKwLskipYji7AUBA0KBEiQIHJy6CWgqJVKVF6qXMot8vrSTty6PuSSE7HkzOzsLNeXv7djtANHxmLFsoSzCFDbzuBQsafN13jFLus1qe0oJnlrBzv7R6DJIkEUqEjy7a1is0NpFRmSqLZA0mvZXN3dSpFwOTnrrbYji66BvEHlD%2B2%2Bez%2BRTNOg5zyMo90Z52c1QtJaNL3RytmtGlAlxqdkBgzdY22ARTfXFXtZLhf9qtDLrOxBg4KyFFov2pXueQtdWwYYHs1ubCDwoigueJvFRS%2B6OO9LiBW0F3GeQQdLlecFbwOJaIYbJK%2FQV0xwIWJexNliw0sphMxXScnFNxY9H1MLE7L3jOSB7E6j%2BTgZRQRunwarj2lMDkJe3fwabiExXQCEBSX7w7yaMH5i0INDmwx2t0%2FGdFMg2d6MkO6FRfpw32zSprlfp6eu%2Fu6x8crPdFZ%2BsR1Ez2qc4WPHdEDLR%2Fg5h12CY5%2FTecIfaH%2FhgzOozaRGltbvrk8Fz3rcAZEaoL7CCJyzLrJaz85Bl5xxj8Cz63%2F1%2F1%2B6%2FgM%3D&RelayState=077760b1-7f2d-4f9e-aeb6-41ede5a4470b&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=OOLb4BcwgdGBvtj1stBYU0gWjMwVyK4k38CvSRNDSOZBvfK0gD4l36gdqcf1SSO%2FjXyW6g7pf9mosTAzHE3WFNw6elD%2Fg0ztaLYvK0EoWMMsYqPcU5sysYBdeEUPRuTSmxijFrjAiN8Y%2F2b5roPk4HdcLLd0tMLnHnp5OA6DDmdMoQE9xk5STq1DFlK66tCzu3ngp3sJLc2SiHk4bqAZj7fQ%2FvV3lpG6SgqLz46arJS1kR1XNfh7I9aOj2CUYXY40Hx44pthscu5LmDnNbgyzr3BycXM2zFSZ0%2Fa7bDmZz7q9CPBdYrMqBgCGkmo9kdXzNEyzAHRVkxWcAyrqUy8zg%3D%3D - - - 302 - - 18.1716ms

How could I verify that it is compliant without being able to debug the library?

danielegiallonardo commented 2 years ago

The problem is that decoding the SAMLResponse, when it arrives via GET, is not trivial to do without debugging. I was asking because the NullReferenceException in the ValidateSignOutResponse method could be thrown when it tries to evaluate the expression "response.Status.StatusCode.Value == SamlConst.Success". It is possible that the response has no Status tag or that StatusCode is not set.

marco-maroni-spot-software commented 2 years ago

As an improvement to the library, it wouldn't be bad to add a _logger.Debug(..) with the various SAML responses it receives.

danielegiallonardo commented 2 years ago

I'm open to PRs :-)

marco-maroni-spot-software commented 2 years ago

Since I already log the events according to the specifications, could I use CieEvents to log somehow without modifying the library? Or does that exception occur before the CieEvents.RemoteSignOut call?

danielegiallonardo commented 2 years ago

Unfortunately it occurs before the call to the HandleRemoteSignOut handler of CieEvents

marco-maroni-spot-software commented 2 years ago

I added some traces to the library and found out that Response is null; looking at the code, the thing that could fail at this point is ExtractInfoFromSignOutResponse()

        private async Task<(string Id, LogoutResponseType Message)> ExtractInfoFromSignOutResponse()
        {
            if (HttpMethods.IsPost(Request.Method)
              && !string.IsNullOrEmpty(Request.ContentType)
              && Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase)
              && Request.Body.CanRead)
            {
                var form = await Request.ReadFormAsync();

                return (
                    form["RelayState"].ToString(),
                    SamlHandler.GetLogoutResponse(form["SAMLResponse"][0])
                );
            }
            return (null, null);
        }

But at this point I have a doubt, if the request is a GET in this form

https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pVLLbtswEPwVgXc9SMuyQlgKggYFAiRIEDk59FJsyJVKVF6qJOUW%2BfrSTty6PuTSE7HkzOzsLNeXv7ZjskPnjaWG8axgCZKy2tDQsKfN57Rml%2B3aw3YUk7y1g53DI%2FrJksckUsnLt7eGzY6kBW%2B8JNiil0HJ7uruVoqskJOzwSo7suQafTAE4dDuWwiTl3ke9VzAcbQ748IMI2YvlkxvFDi7hYEgMyH3ZqDYPVUGWXJz3bCvFagaSw1Kl6j7GpAX0L9oLvgSeF%2BvIoyOZjc2EvBCgOAaUw7VMi2FWKb1ihepqIryohQcFkUVSd7PeEM%2BAIWGiUKItFilfLHhC7moJRdZxRdfWPJ8TC1OyN4zkgeyO43m42TAe3T7NFh7TGNyGPPS82u8xczoCIgLyvaHeTVx%2FMxQQEc2G%2Bxun4zRUyTZ3oyY74VF%2FnDfbfKuu1%2Fnp67%2B7LELEGZ%2FVn6yGpNnGGf82LE%2FoOUj%2FpjjLtGx%2F9N5ou9kf9KDM6TMBCPL23fXp4JnPe7QexiwvaIEnbMusUrNzqHOzrhH4Nn13%2FrfL93%2BBg%3D%3D&RelayState=e92a21de-1a65-4225-8710-26049421a306&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=xVvfHuzNods9ZbpFk%2BHsDDOcGRU2TYZ3d0IBCl1DYS7HadEwmh9hs58t6%2B72mKhQpqln24JYPLL%2BThsoiwjvybXRl%2Fm9L7%2Bb2bzazioITFuVLhGM6Evwt%2BvagI3erb1Azv9DXhXUUzncvz%2BvfC3%2B9L%2FSSJpkULZ%2Fm7ZJaGNYizWIjskcWS2FWfS8T3ZDroO2ZHA5zj2Nklc3LWV9deTlrOQOV8q4M%2FhskK1aOFohFc4Touj01j9znIVENFS7tFfHUcNYNTQkPVvcaj3Hpp8KxQazu%2FB%2F5uq7LDtRWt%2FlS6k0geF8a7jnju9Sqdc0rEw2DIX3%2BCanZKnJmOQazc7ZUA%3D%3D

The code seems wrong because it looks for SAMRequest in the body and not as a query string parameter. Am I wrong?

danielegiallonardo commented 2 years ago

Yes, that's correct, the current code does not handle the response via GET. I'll have to fix it, thanks for reporting it

danielegiallonardo commented 2 years ago

I have published a new package as a prerelease version, 1.1.3-prerelease. Could you verify that it contains the fix, so that I can publish the final version? Thanks

marco-maroni-spot-software commented 2 years ago

Now I get the error "Unable to converto base64 response to ascii string."

         at CIE.AspNetCore.Authentication.Saml.SamlHandler.GetLogoutResponse(String base64Response)
         at CIE.AspNetCore.Authentication.CieHandler.ExtractInfoFromSignOutResponse()
         at CIE.AspNetCore.Authentication.CieHandler.HandleRemoteSignOutAsync()
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at CBR.PortaleConcessioni.WebApp.Middleware.HttpRequestErrorMiddleware.Invoke(HttpContext context) in

This is the request

https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pZJNb9swDIb%2FiqG75Y%2FYiyPELooVAwK0aFGnPewy0BLtCnMoT5Kzob9%2BStZsWQ699CRQ4ku%2BfKj11a%2FdGO3ROm2oZhlPWYQkjdI01Oxp%2ByWu2FWzdrAb80ncmsHM%2FhHdZMhhFKTkxJ%2B3ms2WhAGnnSDYoRNeivb67lbkPBWTNd5IM7LoBp3XBP7Y7sX7yYkkCfWsx3E0e239DCPyzpDutQRrdjAQcO0TpwcK3WOpkUWbm5p9Wyyzqi9SUJ%2FKPsu7KlWq6yqVQlouYQFhlA2dzG5NEGCZqUqmXVz1VR8XEldx1xddvIJVUaquX5ZQBpFzM27IeSBfszzN8zhdxtlimxUiW4lyxfMy%2F8qi5xO1MCF7YySOYnuO5n0y4BzaAw3WnGhMFgMvNb%2BGW%2BRahYSwIH449KsO43NNHi0ZPpj9gYxWUxCZXo%2BYHArnycN9u03a9n6dnLv6u8fWg5%2FdRfjZKIyeYZzxfcfumC0e8cccdomWfazOE30n85MerCapJxhZ0ry5Pi940eMOnYMBm2uK0FpjIyPlbC0qfqE9JV5c%2F4v%2F%2F9LNbw%3D%3D&RelayState=e51d8c0b-8f8f-4ce9-bf4b-9a945dbf75a5&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=aP9%2FQjDwSn5RyYdiEJwm5%2FBv9E9cv9w8lJcVO4WhjBtzZSr6sRdjt2%2BC7EwiZRlZOyeb%2By6RogsYWvvM4dsx7A2UWdVzz9y57%2BvcLtQMZnEQcpvnjjnqovR3WBjOgLLMKUbmrLknmkKIx13H5gcx5RlIttPyDh6Cr06JP9bgZ3IjluH%2BV%2FoXuk3LwAwpTJJqdqub5n7atL4DVIkmNyQvpJGxpWSfOpW6pL1Rnij%2BluSva%2BOx9qNiuTwZ96wM4zWKmEmtuhKvTnLe80E5yEuWS2cTDftzy5p8XMak0OpA%2F6VeF%2FQ8Ib9t%2BBorZnjFSIf8raxnU2dQqgDP7wpYfVN5hA%3D%3D

danielegiallonardo commented 2 years ago

There should also be an InnerException, could you report it?

marco-maroni-spot-software commented 2 years ago

'The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.'

danielegiallonardo commented 2 years ago

OK, found the error, I have published version 1.1.3-prerelease2. Could you try again please?

danielegiallonardo commented 2 years ago

Sorry, version 1.1.3-prerelease3, containing a fix to the logout signature verification

marco-maroni-spot-software commented 2 years ago

We've made progress, but the logout process still fails "at the end". Honestly, though, I can't figure out what the problem is.

A "RemoteSignOutContext.Failed" appears in the log

This is the complete log of the sequence from when I receive the logout, which on my side is configured like this

SignOut(new AuthenticationProperties { RedirectUri = "/login" }, CieDefaults.AuthenticationScheme);

20220713-16:38:05 info: Microsoft.AspNetCore.Hosting.Diagnostics[2] => SpanId:4c06e79a9d49871f, TraceId:0016ffc4454f2911420e52d196b1f920, ParentId:0000000000000000 => RequestPath:/api/auth/logout RequestId:400001bf-0000-fb00-b63f-84710c7967bb Request finished HTTP/2 GET https://sportellovirtuale.bonificaromagna.it/api/auth/logout - - - 200 - - 29.2840ms
20220713-16:38:05 info: Microsoft.AspNetCore.Hosting.Diagnostics[1] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Request starting HTTP/2 GET https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pZLBbtswDIZfxdDdsiw7TizELooVAwK0aNGkPexSyDLtCXMoT5KzoU8%2FOW22LIdeehIo8Sd%2FftT66vd%2BiA5gnTZYkZQyEgEq02rsK%2FK0%2BxqvyFW9dnI%2F8FHcmt5M%2FhHcaNBBFKToxNtbRSaLwkinnUC5Bye8Etvru1vBKROjNd4oM5DoBpzXKP2x3XfvRyeSJNSzHobBHLT1kxyANgZ1p5W0Zi97lFT7xOkeQ%2FdYaSDR5qYiL12XdeWiKEF1wNtmlRWplFmRN8BYwVgYZYMnszszC9KmXGbFKi7ytIjzLM%2FjhjEVNwsoGVfQ8HQWOTfBBp2X6CvCGecxW8ZptktzkS3FoqScFd9I9HyiFiYk74zEUWzP0XxMRjoHdqZB6hON0ULg1U6v4RaobkNCWBCdD%2F2qw%2FhUoweLhvbmMJPR7RhEptMDJHNhnjzcb3fJdnu%2FTs5d%2Fd3j1ks%2FuYvwi2khepbDBB87dsds8Qg%2Fp7BLsORzdZ7wB5pf%2BGA1Kj3KgST1u%2Bvzghc97sA52UN9jRFYa2xklJqshZZeaE%2BJF9f%2F4v%2B%2FdP0H&RelayState=f1b97368-6416-4344-b00c-b5e902ceb210&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=xnt30%2FQlGii%2Bo6cm9F5UAU2YGvzcgWs2XauX2mv0o%2BQUqOf%2FjpcSnKx3svislqLWQOEJMh9vpMutDtTqyL0ocYQJL%2BwWzb62q289ndNmjO%2Flnw5U1H%2FNH2%2FdlKP63Wbjb4Ca73DsIrIhv6C%2FowGTp9k9WqtLvOy7T0I1c0Yu%2Buf00zzrzmnzrZc3kEiAWIMIhZYT9atLU34h6LAHBoCjNIlL5O0YZHbHNRB2wBMHpWxWZ8E58AYfeNaFsMjxfES8oCZ0hAMAzQGnlsweIJto19w6sXGWH5uMWMcT%2BT3K%2F%2F4Pg7peuNa0IX1Nu2TQlUqgcDpr77NqQ524R8scTx%2BVZQ%3D%3D - -
20220713-16:38:05 dbug: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[4] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb The request path /signout-cie does not match a supported file type
20220713-16:38:05 dbug: Microsoft.AspNetCore.Routing.Matching.DfaMatcher[1001] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb 1 candidate(s) found for the request path '/signout-cie'
20220713-16:38:05 dbug: Microsoft.AspNetCore.Routing.Matching.DfaMatcher[1005] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Endpoint 'Fallback {*path:nonfile}' with route pattern '{*path:nonfile}' is valid for the request path '/signout-cie'
20220713-16:38:05 dbug: Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware[1] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Request matched endpoint 'Fallback {*path:nonfile}'
20220713-16:38:05 fail: CIE.AspNetCore.Authentication.CieHandler[7] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb RemoteSignOutContext.Failed
20220713-16:38:05 dbug: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[8] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb AuthenticationScheme: Cookies was successfully authenticated.
20220713-16:38:05 info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Executing endpoint 'Fallback {*path:nonfile}'
20220713-16:38:05 info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[2] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Sending file. Request path: '/index.html'. Physical path: 'C:\inetpub\wwwroot\PortaleConcessioni\wwwroot\index.html'
20220713-16:38:05 info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Executed endpoint 'Fallback {*path:nonfile}'
20220713-16:38:05 info: Microsoft.AspNetCore.Hosting.Diagnostics[2] => SpanId:a7be182f083a2e17, TraceId:0abb0e17a6b4bf0a25425dd8f341f979, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400001c1-0000-fb00-b63f-84710c7967bb Request finished HTTP/2 GET https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pZLBbtswDIZfxdDdsiw7TizELooVAwK0aNGkPexSyDLtCXMoT5KzoU8%2FOW22LIdeehIo8Sd%2FftT66vd%2BiA5gnTZYkZQyEgEq02rsK%2FK0%2BxqvyFW9dnI%2F8FHcmt5M%2FhHcaNBBFKToxNtbRSaLwkinnUC5Bye8Etvru1vBKROjNd4oM5DoBpzXKP2x3XfvRyeSJNSzHobBHLT1kxyANgZ1p5W0Zi97lFT7xOkeQ%2FdYaSDR5qYiL12XdeWiKEF1wNtmlRWplFmRN8BYwVgYZYMnszszC9KmXGbFKi7ytIjzLM%2FjhjEVNwsoGVfQ8HQWOTfBBp2X6CvCGecxW8ZptktzkS3FoqScFd9I9HyiFiYk74zEUWzP0XxMRjoHdqZB6hON0ULg1U6v4RaobkNCWBCdD%2F2qw%2FhUoweLhvbmMJPR7RhEptMDJHNhnjzcb3fJdnu%2FTs5d%2Fd3j1ks%2FuYvwi2khepbDBB87dsds8Qg%2Fp7BLsORzdZ7wB5pf%2BGA1Kj3KgST1u%2Bvzghc97sA52UN9jRFYa2xklJqshZZeaE%2BJF9f%2F4v%2B%2FdP0H&RelayState=f1b97368-6416-4344-b00c-b5e902ceb210&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=xnt30%2FQlGii%2Bo6cm9F5UAU2YGvzcgWs2XauX2mv0o%2BQUqOf%2FjpcSnKx3svislqLWQOEJMh9vpMutDtTqyL0ocYQJL%2BwWzb62q289ndNmjO%2Flnw5U1H%2FNH2%2FdlKP63Wbjb4Ca73DsIrIhv6C%2FowGTp9k9WqtLvOy7T0I1c0Yu%2Buf00zzrzmnzrZc3kEiAWIMIhZYT9atLU34h6LAHBoCjNIlL5O0YZHbHNRB2wBMHpWxWZ8E58AYfeNaFsMjxfES8oCZ0hAMAzQGnlsweIJto19w6sXGWH5uMWMcT%2BT3K%2F%2F4Pg7peuNa0IX1Nu2TQlUqgcDpr77NqQ524R8scTx%2BVZQ%3D%3D - - - 200 6328 text/html 50.8065ms

And the Cie.Properties cookie is still valid and lets me call my APIs, so I confirm that the logout did not complete as it should have.

danielegiallonardo commented 2 years ago

RemoteSignOutContext.Failed is raised when the signature verification passes but the check (response.InResponseTo == request.ID) fails. Could you verify that the request and response IDs match?

marco-maroni-spot-software commented 2 years ago

This morning I can't even log in; it has started giving me "Signature non valida", even though I haven't changed anything :-( Do you know of any problem on the test/pre-production server?

System.Exception: Signature non valida    
at CIE.AspNetCore.Authentication.Helpers.BusinessValidation.ValidationCondition(Func`1 condition, String error) in C:\Sources\cie-aspnetcore\CIE.AspNetCore.Authentication\CIE.AspNetCore.Authentication\Helpers\BusinessValidation.cs:line 17
at CIE.AspNetCore.Authentication.Saml.SamlHandler.ValidateAuthnResponse(ResponseType response, AuthnRequestType request, EntityDescriptorType metadataIdp, String serializedResponse) in C:\Sources\cie-aspnetcore\CIE.AspNetCore.Authentication\CIE.AspNetCore.Authentication\Saml\SamlHandler.cs:line 228
at CIE.AspNetCore.Authentication.CieHandler.ValidateAuthenticationResponse(ResponseType response, AuthnRequestType request, AuthenticationProperties properties, String serializedResponse) in C:\Sources\cie-aspnetcore\CIE.AspNetCore.Authentication\CIE.AspNetCore.Authentication\CieHandler.cs:line 283
at CIE.AspNetCore.Authentication.CieHandler.HandleRemoteAuthenticateAsync() in C:\Sources\cie-aspnetcore\CIE.AspNetCore.Authentication\CIE.AspNetCore.Authentication\CieHandler.cs:line 145

The call stack you see is from the debug version I compiled myself, to which I had added a trace to check what you had asked me, but I get the same problem with version 1.1.3-prerelease3

danielegiallonardo commented 2 years ago

I have published prerelease4. Sorry for the trouble, but the change has complex consequences, especially when there is no way to test.

marco-maroni-spot-software commented 2 years ago

No, on the contrary, I'm glad to test and be useful; I'll verify as soon as I can...

marco-maroni-spot-software commented 2 years ago

I confirm that response.InResponseTo == request.ID, but I keep getting "RemoteSignOutContext.Failed"

This is the log with my trace, which confirms the equality.

20220714-11:37:10 dbug: CIE.AspNetCore.Authentication.CieHandler[0] => SpanId:8cb043357c5f8b79, TraceId:2adced52463242704ec314784430adbc, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400003b2-0001-f500-b63f-84710c7967bb response.InResponseTo: _945fabe9-5065-4f25-afa1-268c86d71cae, request.ID: _945fabe9-5065-4f25-afa1-268c86d71cae
20220714-11:37:10 fail: CIE.AspNetCore.Authentication.CieHandler[7] => SpanId:8cb043357c5f8b79, TraceId:2adced52463242704ec314784430adbc, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:400003b2-0001-f500-b63f-84710c7967bb RemoteSignOutContext.Failed

This is the change I made to get that trace (image)

danielegiallonardo commented 1 year ago

Could you try the logout flow with version 2.0.1 of the package and tell me whether you still see the problem? Thanks

danielegiallonardo commented 1 year ago

Also, if you implement your own LogHandler, you can see the raw requests/responses that are exchanged: https://github.com/italia/cie-aspnetcore#log-handling

marco-maroni-spot-software commented 1 year ago

With version 2.0.1 I get a different error at logout:

this URL gets called, but it fails, and then it falls back to the page that handles the 404

https://sportellovirtuale.bonificaromagna.it/signout-cie?SAMLResponse=pZJNT9wwEIb%2FSuR7vj9IrE0QKkJCAoHIwqGXyoknqdXsOHicbdVfX2fLlmUPXHqyxp535p1nvLn8tZu8PRhSGmsWBxHzAHstFY41e97e%2BCW7bDYkdlMy8zs96sU%2BAc0aCTwnReJ%2F32q2GORakCKOYgfEbc%2Fbq%2Fs7ngQRn422utcT866BrEJhD%2B2%2BWzsTD0NXz1iYJr1Xxi5igqDTqAbVC6N3YkQRKBuSGtF193sFzLu9rtm3opBdNcgKZCKytEqj4QKyVOSi7FIpyjUNj2a32glgyLui6GI%2Fr4T0s7ICv5S99Mu8yy6GpErSWDoR0QK3SFagrVkSJakfZX6cbOOY5yWP4qAo4q%2FMezlScxOyN0b8IDanaD4nI4jArDRYc6ShpLtyKwnWQ%2F1WbuBAoQWDOhj1fmWh5Bw6poOaIFxLJeHjQ7sN2%2FZhE576%2BLe51gq70Fn4RUvwXsS0wOce6ZDNn%2BB1cdsDw%2F6vzjP%2BQP0TH43CXs1iYmHz5vq04FmPeyASIzRX6IEx2ni67xdjQAZn2mPi2fV7%2FPETN38A&RelayState=ef5b66b1-59ad-489e-8dcd-85b47f29231d&SigAlg=http:%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=fuvksaXPPvdF%2F7xeB1gCOGpWGJRKok%2BO7d91k1hFdWTOFsdcAa7dndFJPgoL51RS1fZtP7f08n1I7vExU8xGMvnEi5WziYs%2B5WG%2FF7dvqXHF0KvmdOfmIegVHJF7IsPNf2EozaTEsxolthhGlLFEMAJUVASllsFqhyF8fDVClIegT9B9EaLuf9pUuPH%2B7L88pwcFsQ1QmeIHvUMDCiaQ4msjR9AEns2TdHptpEhd3QjYGZ4YA8HuSb4UWUNLPMxo9EjtHyfy4Vs7zDk4pk3tWFhajCQ9d5CANhJn7%2FcKQU2klauZ8gLi%2FPUaecpFF95ZBegADIGe8Lp6AKuUb44SFQ%3D%3D

This is the log from the app's start on IIS to its stop

20230412-13:56:15 dbug: Microsoft.Extensions.Hosting.Internal.Host[1]
      Hosting starting
20230412-13:56:15 warn: Microsoft.AspNetCore.DataProtection.Repositories.EphemeralXmlRepository[50]
      Using an in-memory repository. Keys will not be persisted to storage.
20230412-13:56:15 warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[59]
      Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.
20230412-13:56:15 warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
      No XML encryptor configured. Key {8a34d886-fab8-4db4-87cd-6098d8876021} may be persisted to storage in unencrypted form.
20230412-13:56:15 info: Microsoft.Hosting.Lifetime[0]
      Application started. Press Ctrl+C to shut down.
20230412-13:56:15 info: Microsoft.Hosting.Lifetime[0]
      Hosting environment: Production
20230412-13:56:15 info: Microsoft.Hosting.Lifetime[0]
      Content root path: C:\inetpub\wwwroot\PortaleConcessioni\
20230412-13:56:15 dbug: Microsoft.Extensions.Hosting.Internal.Host[2]
      Hosting started
20230412-13:56:20 dbug: CBR.PortaleConcessioni.WebApp.Middleware.CieLogHandler[0]
      => SpanId:170fb601fdb8ac31, TraceId:da3d60fbd6aac766243fb8001fd59494, ParentId:0000000000000000 => RequestPath:/api/auth/login-cie RequestId:40000284-0001-ff00-b63f-84710c7967bb => CBR.PortaleConcessioni.WebAPI.Controllers.AuthController.LoginCie (CBR.PortaleConcessioni.WebApp)
      PostRequest Url:https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SSO SAMLRequest:
20230412-13:56:20 info: CIE.AspNetCore.Authentication.CieHandler[12]
      => SpanId:170fb601fdb8ac31, TraceId:da3d60fbd6aac766243fb8001fd59494, ParentId:0000000000000000 => RequestPath:/api/auth/login-cie RequestId:40000284-0001-ff00-b63f-84710c7967bb => CBR.PortaleConcessioni.WebAPI.Controllers.AuthController.LoginCie (CBR.PortaleConcessioni.WebApp)
      AuthenticationScheme: Cie was challenged.
20230412-13:57:23 dbug: CBR.PortaleConcessioni.WebApp.Controllers.UserController[0]
      => SpanId:3da33afe473121a4, TraceId:6acfd88968561e90972ad893ef1a5fe9, ParentId:0000000000000000 => RequestPath:/api/user/me RequestId:40001347-0000-fa00-b63f-84710c7967bb => CBR.PortaleConcessioni.WebApp.Controllers.UserController.Get (CBR.PortaleConcessioni.WebApp)
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier:[]
      Name:[]
      FamilyName:[]
      FiscalNumber:[]
      DateOfBirth:[]

20230412-13:58:03 dbug: CBR.PortaleConcessioni.WebApp.Middleware.CieLogHandler[0]
      => SpanId:20b086ee2b2006d9, TraceId:8c47c7c05b8406660aad0dde7520d4ad, ParentId:0000000000000000 => RequestPath:/api/auth/logout RequestId:40001349-0000-fa00-b63f-84710c7967bb => CBR.PortaleConcessioni.WebAPI.Controllers.AuthController.Logout (CBR.PortaleConcessioni.WebApp)
      PostRequest Url:https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SLO SAMLRequest: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
20230412-13:58:03 fail: CIE.AspNetCore.Authentication.CieHandler[7]
      => SpanId:7845f702420191d1, TraceId:9d973da2fea992f2558ae5fdc35981aa, ParentId:0000000000000000 => RequestPath:/signout-cie RequestId:4000134b-0000-fa00-b63f-84710c7967bb
      RemoteSignOutContext.Failed
20230412-13:58:48 info: Microsoft.Hosting.Lifetime[0]
      Application is shutting down...
20230412-13:58:48 dbug: Microsoft.Extensions.Hosting.Internal.Host[3]
      Hosting stopping
20230412-13:58:48 dbug: Microsoft.Extensions.Hosting.Internal.Host[4]
      Hosting stopped

These are the settings

  "Cie": {
    "Provider": {
      "Name": "CIE Produzione",
      "OrganizationName": "CIE Produzione",
      "OrganizationDisplayName": "CIE Produzione",
      "OrganizationUrlMetadata": "https://idserver.servizicie.interno.gov.it/idp/shibboleth?Metadata",
      "OrganizationUrl": "https://www.interno.gov.it/it",
      "OrganizationLogoUrl": "",
      "SingleSignOnServiceUrlPost": "https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SSO",
      "SingleSignOutServiceUrlPost": "https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SLO",
      "SingleSignOnServiceUrlRedirect": "https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/Redirect/SSO",
      "SingleSignOutServiceUrlRedirect": "https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/Redirect/SLO",
      "Type": "IdentityProvider",
      "SecurityLevel": 3
    },
    "EntityId": "https://sportellovirtuale.bonificaromagna.it"
  },

marco-maroni-spot-software commented 1 year ago

I logged the SAML response received at sign-out, which then generates the RemoteSignOutContext.Failed exception in the library, and it seems that StatusCode has this strange value. Any ideas?

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:LogoutResponse
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://sportellovirtuale.bonificaromagna.it/signout-cie" ID="_4f2112cf2ced1d9ecd83bd25f42e513a" InResponseTo="_236de2d5-f43a-4497-9736-cbcf5f16880a" IssueInstant="2023-06-06T08:32:00.897Z" Version="2.0">
    <saml2:Issuer
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SSO
    </saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
            <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"/></saml2p:StatusCode>
        <saml2p:StatusMessage>An error occurred.</saml2p:StatusMessage>
    </saml2p:Status>
</saml2p:LogoutResponse>

This is the SAML Request that generated that response:

<?xml version="1.0" encoding="UTF-8"?>
<samlp:LogoutRequest
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_236de2d5-f43a-4497-9736-cbcf5f16880a" Version="2.0" IssueInstant="2023-06-06T08:32:01.840Z" Destination="https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SLO" Reason="urn:oasis:names:tc:SAML:2.0:logout:user" NotOnOrAfter="2023-06-06T08:42:01.840Z"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer NameQualifier="https://sportellovirtuale.bonificaromagna.it" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sportellovirtuale.bonificaromagna.it</saml:Issuer>
    <Signature
        xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
            <Reference URI="#_236de2d5-f43a-4497-9736-cbcf5f16880a">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <DigestValue>OUdRJViggU6ATCVIjcEWb3KT5kVYTDZbtFi/FkB0v1c=</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>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</SignatureValue>
        <KeyInfo>
            <X509Data>
                <X509Certificate>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</X509Certificate>
            </X509Data>
        </KeyInfo>
    </Signature>
    <saml:NameID NameQualifier="https://sportellovirtuale.bonificaromagna.it" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">AAdzZWNyZXQx1MRTMkqGfopSciH6EUfVpvKXNfi5OkKZWe6bAx/15CVi+uDKlB6VdkYAbVhtCt0BP3pQP1XYmpiIwRzjP8A8Zd9vA2Tg2yFhw85IAdUGO+RWFhAVW4QzGh8NIGU2/zplNQTjuATxV1QbiN0/FZu1PRPpRXIc87fUaqAO4so3UqfkFu0QsMg1RasDfQ==</saml:NameID>
    <samlp:SessionIndex>_c86a45d8dd5e2fb57e62f30d3de4897a</samlp:SessionIndex>
</samlp:LogoutRequest>
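
For offline inspection of the messages discussed in this thread (the SAMLResponse delivered via GET and the nested StatusCode in the LogoutResponse above), here is an added example; it is not code from the thread or from CIE.AspNetCore.Authentication. It decodes a SAMLRequest/SAMLResponse value from either binding and reports the conditions mentioned in the comments (missing Status, non-Success StatusCode, InResponseTo mismatch); it does not verify the signature. The function names, the size cap and the sample message are assumptions made for the example.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
MAX_XML_BYTES = 1 << 20  # assumed cap on inflated size: the input is untrusted


def decode_saml_message(value, binding, url_encoded=False):
    """Return the XML bytes carried by a SAMLRequest/SAMLResponse parameter.

    binding     "redirect": base64 of a raw DEFLATE stream (HTTP GET)
                "post":     plain base64 (form field)
    url_encoded True when the value was copied from a raw URL or access log
                and still contains %2B / %2F / %3D escapes.
    """
    if url_encoded:
        # unquote, not unquote_plus: '+' is a legitimate base64 character.
        value = urllib.parse.unquote(value)
    # validate=True rejects stray characters instead of silently skipping them.
    raw = base64.b64decode(value, validate=True)
    if binding == "post":
        return raw
    if binding != "redirect":
        raise ValueError("binding must be 'redirect' or 'post'")
    inflater = zlib.decompressobj(-15)  # -15: raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, MAX_XML_BYTES + 1)
    if len(xml) > MAX_XML_BYTES:
        raise ValueError("inflated message exceeds size cap")
    if not inflater.eof:
        raise ValueError("truncated DEFLATE stream")
    return xml


def inspect_logout_response(xml, expected_request_id):
    """Parse a LogoutResponse and list why a sign-out validation would fail."""
    if b"<!DOCTYPE" in xml:
        raise ValueError("DTD found: refusing to parse")
    root = ET.fromstring(xml)
    report = {"in_response_to": root.get("InResponseTo"),
              "status": None, "sub_status": None, "problems": []}
    if root.tag != f"{{{SAMLP}}}LogoutResponse":
        report["problems"].append("root element is not samlp:LogoutResponse")
    status = root.find(f"{{{SAMLP}}}Status")
    code = status.find(f"{{{SAMLP}}}StatusCode") if status is not None else None
    if code is None:
        # The case that would make response.Status.StatusCode.Value throw.
        report["problems"].append("Status/StatusCode is missing")
    else:
        report["status"] = code.get("Value")
        nested = code.find(f"{{{SAMLP}}}StatusCode")
        if nested is not None:
            report["sub_status"] = nested.get("Value")
        if report["status"] != SUCCESS:
            report["problems"].append("top-level StatusCode is not Success")
    if report["in_response_to"] != expected_request_id:
        report["problems"].append("InResponseTo does not match the request ID")
    return report


def encode_redirect(xml):
    """Build a URL-encoded redirect-binding value (used for the sample below)."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(xml) + deflater.flush()
    return urllib.parse.quote(base64.b64encode(raw).decode("ascii"), safe="")


# Constructed sample: same shape as the LogoutResponse in the thread, made-up IDs.
SAMPLE_XML = (
    b'<saml2p:LogoutResponse xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"'
    b' ID="_resp-constructed" InResponseTo="_req-constructed" Version="2.0">'
    b'<saml2p:Status>'
    b'<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">'
    b'<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"/>'
    b'</saml2p:StatusCode></saml2p:Status></saml2p:LogoutResponse>'
)

if __name__ == "__main__":
    param = encode_redirect(SAMPLE_XML)
    xml = decode_saml_message(param, "redirect", url_encoded=True)
    for key, val in inspect_logout_response(xml, "_req-constructed").items():
        print(key, "=", val)
```
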

danielegiallonardo commented 1 year ago

From the documentation: https://docs.italia.it/italia/cie/cie-manuale-tecnico-docs/it/master/protocolli.html#logout It seems that SAML logout is not implemented; moreover, in modes 2 and 3 it shouldn't even be necessary, since SSO is not provided for in these modes. I think a simple redirect to the endpoint given in the CIE IdP metadata should be implemented.

marco-maroni-spot-software commented 1 year ago

Sorry, I don't think I understood; so in practical terms what do I need to do to keep it from giving me an error and to clear my session correctly?

Also because, and I wouldn't want to have misunderstood, that is already what the library does, namely a POST to

https://idserver.servizicie.interno.gov.it/idp/profile/SAML2/POST/SLO

which is the URL indicated in the CIE IdP metadata

but then this returns the chain of errors described above.

danielegiallonardo commented 1 year ago

Yes, since they don't handle sign-out. I believe it is absolutely safe, when the SignOut button is pressed, for you to clear the session on the ServiceProvider side (cookie, or whatever other mechanism you use) and avoid triggering the remote SignOut, by not invoking the Controller's SignOut() method.