SessionIndex should not be mandatory in SAML SingleLogoutRequest
In our SAML IDP code, we require the SessionIndex in SLO request to make the full logout:
# Get session index
my $session_index;
eval { $session_index = $logout->request()->SessionIndex; };
# SLO requests without session index are not accepted
if ( $@ or !defined $session_index ) {
$self->lmLog(
"No session index in SLO request from $spConfKey SP",
'error' );
return $self->sendSLOErrorResponse( $logout, $method );
Reading SAML specifications, this attribute is optional (saml-core-20-os.pdf, chapter 3.7.1):
<SessionIndex> [Optional]
The identifier that indexes this session at the message recipient.
So we should be able to accept these SLO request, and see how a logout is possible without the SessionIndex. This can be an option to activate per SAML SP.