[IdP] HTTP-Redirect GET to SamSLO web screen

[IdP] HTTP-Redirect GET to SamSLO web screen

  
Forge Component
(26)
Published on 4 Jul by Telmo Martins
26 votes
Published on 4 Jul by Telmo Martins

Hello,

When I try to do a logout initiated from my IDP (Shibboleth Identity Provider) and an a LogoutRequest is sent by a http-redirect to the  webscreen SamSLO the network trace (of Google Chrome) gives me a 404 (Not Found):

Trying to see where the problem will be, if i cut some characters from the URL query parameter SAMRequest and the URL have less than 2000 characters i dont see this error.

I did a search and checked that via browser the URls should not have more than 2000 characters.

Can be the URL (with the query parameters) generated by the IDP to do the LogoutRequest is too big?

How can I resolve this problem?

The environment is in cloud and the platform version is 10.0.828.0


Thanks in advance.


URL sent from the IDP:

https://dev.sp.pt/Idp/SamlSLO.aspx?SAMLRequest=xVdXb%2BMGEn7XrzCcR8HLTpHG2gF7p1hUSL4EFHsRe5N%2B%2FdH2bs7ZzR2SAId7EaTRlG%2B%2BGc5wvv66XMuHKer6rK5eHqEv4ONDVAV1mFXJy%2BPxwD8Rj7%2B%2Bbr72%2FrWEm2e1TupxsKJ2jPrhgV0%2Fssof3k3TYWj6ZwAIo%2BlLkK0%2BMv8pC780AyCFDWCv9ra6%2F%2BL3zfL4ILEvj79hMEqgKBEjIYqQaBT4PoQTELaD%2FYgMIBxf1fp%2BjKSqH%2FxqeHmEQYh4AsknED%2BA5DMIP2PIFwJHvMeH03f48Bv8NaGqf%2F4A%2FPI4dtVz7fdZ%2F1z516h%2FHoJnm9LU51X1uenqoQ7q8vH1I7%2Fn94DdZw%2F%2F3YHf91H3lv7j6%2Ff0yzrJqqefSchWEvo0u1zqMhrSr8DngN%2FDc1XQ3ZohCiX2H2H4uqwR%2F%2B2F9Qf%2FQQpXqoMLTAYkscMwHydCPwJhjIzhCwzDPuqD2O7x4XBroo8arjnM8%2FxlRr7UXQLAIAgBIAqscFbfv3BldI2q4TvJb%2FH%2BgtUPyFas2spBHT5QZVJ32ZBe%2F4ITP%2BohmHgKLsHfjQ68fg37ZyW6SVVcf7MN%2B%2F9gCQIg%2BWYZ9lnyy0%2BUrk4%2BGA0DLApCksRBFEV9Eo9QNA58BPUhOCYuqP%2F4YEVB1qwtsHbuT93w%2F%2BCv6%2F2n2o%2Bap2sSQ83fR7BSyGbJ%2BsT%2Fxdh%2FILJPfejx71G%2FVg3406w%2FV%2FP9u4OB5Fuv%2F%2F6DeXsg4izwh%2BhVkyTWujMMlW0TapZoKpFkaj8W9ig7IVkeNQoUGLsVbOmCsCZHM%2FOR0th6Ye6UTCf6iabcA1XSR82c5w2TuOzJNBWW0gUTMhfxQF0%2BlDSNF%2FXZga0yzLDcP59GFy5T9VwWakWDGo067IGDNTaY9TsH6odg2ein%2Bk2IfBausnmfc6pGFQIFHTk61Zgjby4sSykfgeoVsMeeWC7U6P5dh5rn4yZA6NgTTrB61Rvv%2FIaAG%2FyzOQaiOScJl%2F2YJmUeKQqVaHam3v5XqHqlxmTu1tIiG8zZ7eWFm11qR1Ix0A1emhIFcyJuGV5lWtYGAmVB8JHdto51tBrIvqTZpMUwRPMiShlKsRN26p5VAoLc5OeShAdhIsS%2Bu0O6i0RRfejVOXURtsjLC69x0zQrDpAc3JEOkjoL4JiXrfsEEXmWy%2F2Vxkdwq80SaGyM0OBtpz8YCo1pxL3HWMc%2B39KzQLHHZELrimEziZbI3CqSmaJgCTqMfZxNUgIQMV0RwtRpnKTfxTDabyyzUZpM6GT3zJW1IiFTdbfrrdKTOqSbMbVN3LhVFET3Jg442ZTcxZl0ckOIAQnecwki8HqJxBQ0kpwNYnYBzt6qBdsPxsrpdOrA6Iod3faA7oqwpBKNpighP7L0XqPBt8qFbGKeadruZ9jZKybKOeLduzgcv5E4Gzb4IYQPVPxWdtHWOIGlzsmfKH%2FS1d51LY2jDxRLmSLwVvXNj939VnbKpK1r3UHahIgkM6GaAy1Gdh1dzyEakvcGvGmkPeDeXVAWz1XLcgFXK4KzuRZ6a%2Bt4ZOK%2BWQ60URW5ad0gYNDIYZJ46xwj6TU0CO1O6A1zlxc5ovv91asBoxhydR%2F26s1nsi5O5nijFSen3cqiyo6AxRWeGUfA%2BXLpPEyjTXIXQQVXEqqq3%2B6V6WIOxhgqbhrqHHujegPwW2XFNBIwZEe01mZoc4liBn7bGVXj0Is6w4sPcT5cng8kZK97y%2BFbogyr%2BtaqADA2XhrCBXHeH9FwipIbLZ12N53sQSqANpzSgNt6mpwKpzzcRqHlDMuKyrfrBhWHDqwLCnHHEGv1OuDOw65Q9XXyBwlK6u1X4E%2FG0O%2FCj0EFfB5h71OOyZo06t5X9j%2FaDR%2F2J78co9cc11JAEhwF15QaavOT2PhbrhmK4x7KB8NTbYpHCK6CyJ3uOaRXIX1UektP8vszcLWgXOGvC7%2BVkSZHNkulgX6SmnMfNhRvQFrjsjrS6VKbyqKuCK6ikuO66vK6Bs8Ks9NsTVIok8NkSEd0JB6dK0rRSUCT%2BH0DDuKo4MFdOw6MjLXLLdlN%2FHICEbnJrFYWg22685kwS4%2FxRNvWsvSiJkeLcsetUuNaMsS8%2Bym1KadK75tiu%2BR0EwwxWULTpNhtOcy8LOiCa1xBLA4NOgC2LgTu9o2lH8vh0MI3YiBosWh4gb3BpapDIqHPNsR4G98kxqyIBt0YQvku5dsJ8%2BIJ36Ek4oKev93iswckLy%2FfltJnuv8g%2Blbfn14b%2Ftc19%2BejH8MdyBn3SGYwatyijbFjopNtEXShGfsDqAYsyzhXEuIA5CCq5BHAGYkD05jFJUQdWsRNUkPb7dJNtSiAhlkzitHJqYzcYt16B6wwJW%2BO4RHCepvb80TLjJHj%2BIXlHdy9J2ZLcaZRNri4oH4nyZu%2BpEEPspsw8%2F1TUBz2OODuLpO1uKrbHzp%2Fbx0QYQ%2BrQ8JP4lm8ebJtKSN0s3ajDzoXI0eIskPSvKgMg3M0TEvabnPEI7gWz42mdUdyFBREEKSebIigbxL5REplN2WIxKG3PXdHF%2BhORfoWR1bqhqjE98SVSJWrzDTyLdueN1sxu1j51mwIa%2B%2BCRzNKuu1KC8ozQ0CR1qDhWUZliK1R1%2BhU7%2FH%2Bnou52KF2bsvSFLcpR04GxdASgUYboThJsLNsAyHY2ff97bztui3iCH4egWcuxC1rhi15EGYlIgeFpfNcpexdD91ust1ZUFotNbPVDhexgE8brKx3SsVlWWCM0WHW%2BEVMJFJTnS41ZLs8b0dg6OyBR%2BgWJ25cYlfXu2RtUxQVeD9XFjgJleJo6WZlRpszBcB3dbrEMWrscCHSlb23YMk%2Fa%2BVvwp8OltfvJ6Id9W%2FHmFSF0fL6W%2BSDFxxHsfXUAwP%2FcvHJSwwSMAGi5A4Fd5dvnn4w%2B136h3vz9V8%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=fDPum2iGzojyP6SNshT%2FV0Nv73VU914z78TR9YaMwAE12LGP2VwhQ96S3lX8wJyeIChZhhLqJL0cEL78lrJnmJVeBEbn4R8D02Sd6WsrggC4ScNw%2Bkux9xKipBKlLm67EJombTnswzsI6GSWuUpmfdQHjLmoC9YZN%2FqxNRwYP8vcd1R07BRkJdpnwiruNXbynILlxA0I1cnqcg289HsLgbXFYK8BBkliLEEWSnPpxPBzziVJGvp%2BCOArmhMhOta4wImVLvgxIzwoky%2B%2FBC5y0AlnLhXmJScGsl39WZuhbU%2FLlhGIsFaQlKcHnf4GgMEZlXeycjhdhtuBYBS4Lvlp%2FA%3D%3D




Hi Mauro, 

the message itself seems valid and usually it takes much less than 2K size. For such cases use HTTP-Post instead of Http-Redirect.

Regarding the message content, you will be not able to use it on IdP component. The NameID value (inside the xml message) it's encrypted (not usual to seen) which is the reason for the big length of the message, as also is not supported by the component. Your IdP server should sent it in a NameID node instead of an EncryptedID node.

Regards