Unable to create SAML Signature on AzureAD SSO Logout using IdP

I've been trying to integrate AzureAD login for one of our traditional web applications using IdP forge component. I have followed the guide from the training excercises - https://www.outsystems.com/training/lesson/1884/integrate-specific-applications-with-okta-using-saml-exercise.

Signing in works as expected. The application redirects to AzureAD, user is prompted to enter credentials and it redirects back to the application. Logout however throws the following error.

On checking the SAML Message Logs in the IdP component it shows that the logout request is also valid.



I have verified the logout request using an online saml validator (Not sure how useful it is - https://www.samltool.com/validate_logout_req.php).

On further inspection, I have found the following error in the ServiceCenter error logs.

>
I've tried changing the AzureAD provider, readding the metadata, changing the certificate etc. to no avail. Please guide me on how to move forward or point me in the right direction.

Also this is the logout flow I use for the traditional web application.


Thanks


Hi my solution for that was bypassing the signature method and the log out start work as expected 

Here is my solution, hope to help you 

Best regards

Thanks a ton ! It's working as expected now.
Could you tell me if bypassing the signature method has any security implications ?

If is working can you please add my answer as a solution?

In terms of security the I think the base Microsoft are maintained by my understanding this is just if you need to have better security in this case you add the signature to the URL 

Regarding the accepted answer above by João Martins Pereira, it appears this is no longer necessary if you use IdP version 5.0.3, which is currently listed as "Under Development". 

This version fixes this problem without having to alter the logout preparation flow.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.