Describe the issue:
When a SAML flow is executed with IDP initiated login and SP initiated logout, the SAML Logout Response does not get signed even if it is marked to be signed in the service provider configurations.
How to reproduce:
Configure a SAML application in the WSO2 Identity Server with configurations such as the following.
Execute an IDP initiated SAML flow, with the SAML trace enabled, using a URL such as the following:
https://localhost:9443/samlsso?spEntityID=saml2-web-app-pickup-manager.com
This is because we have missed setting the doSignResponse parameter at [1]. This should get fixed if we include the section
spDO.setDoSignResponse(authnReqDTO.isDoSignResponse())
at [1].
[1] - https://github.com/wso2-extensions/identity-inbound-auth-saml/blob/v5.8.19/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/processors/IdPInitSSOAuthnRequestProcessor.java#L125-L143
Expected behavior:
The logout request should be signed because the configuration is set to do so, and the Logout Response should look similar to the one below.
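To confirm whether the Logout Response captured in the SAML trace actually carries a signature, the following added check (written for this issue, not part of the WSO2 code base) decodes a SAMLResponse form parameter from the HTTP-POST binding and looks for an enveloped ds:Signature whose Reference covers the response ID. It only inspects message structure; it does not verify the signature cryptographically, and the sample messages are constructed, not captured from a server.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def logout_response_signed(xml_text: str) -> tuple[bool, str]:
    """Return (signed, detail) for a samlp:LogoutResponse document."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}LogoutResponse":
        raise ValueError(f"not a samlp:LogoutResponse: {root.tag}")
    resp_id = root.get("ID", "")
    sig = root.find("ds:Signature", NS)          # enveloped XML-DSig lives directly under the root
    if sig is None:
        return False, f"LogoutResponse {resp_id} has no ds:Signature"
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI", "") if ref is not None else ""
    if uri != f"#{resp_id}":                     # the Reference must point at this response's ID
        return False, f"Signature Reference URI {uri!r} does not cover ID {resp_id!r}"
    return True, f"LogoutResponse {resp_id} is signed (Reference {uri})"

def check_saml_response_param(b64_value: str) -> tuple[bool, str]:
    """Decode the SAMLResponse POST parameter as shown in a SAML tracer and check it."""
    return logout_response_signed(base64.b64decode(b64_value).decode("utf-8"))

# Constructed sample messages (hypothetical IDs and timestamps, not real captures).
UNSIGNED = (
    '<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
    "</samlp:Status></samlp:LogoutResponse>"
)
SIGNED = UNSIGNED.replace(
    "<samlp:Status>",
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
    '<ds:Reference URI="#_r1"/></ds:SignedInfo><ds:SignatureValue>c2ln</ds:SignatureValue>'
    "</ds:Signature><samlp:Status>",
)

if __name__ == "__main__":
    for label, doc in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(label, logout_response_signed(doc))
    print(check_saml_response_param(base64.b64encode(SIGNED.encode()).decode()))
```

A response produced by the buggy IdP-initiated flow reports "has no ds:Signature" even though the service provider configuration asks for signing.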