[SAML] SOAP SLO denied on IDP
When sending an SLO Request from SP to IDP using SOAP:
{quote}
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: URL http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP detected as an SLO URL
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SAML method: HTTP-SOAP
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: HTTP-SOAP: SAML Request <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Body wsutil:Id=""><samlp:LogoutRequest ID="_3A43E6DC4747B114B1A4F29E7388B851" Version="2.0" IssueInstant="2010-05-28T12:59:33Z" Destination="http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP"><saml:Issuer>http://auth.vm1.lemonsaml.linagora.com/saml/metadata</saml:Issuer>\n\n\n\n\n\n\n\n\n\n7ImBQ6AqbRnYErKHx8iJclsTxrg=\n\n\nRwh7Y5at66rbx0rzmm3p3x27eFH7Zs8sfupif15RgpwPDr11F8kQamhhU37NjoH8\nT/nqmAnpg6Vb6FyD0kBQ3Q==\n<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="http://auth.vm2.lemonsaml.linagora.com/saml/metadata" SPNameQualifier="http://auth.vm1.lemonsaml.linagora.com/saml/metadata">_DB52CAE945DE9E1736D67A1958928E10</saml:NameID><samlp:SessionIndex>zf9SIllOvEaMXvRqYDZuKkwI8kM50lagPAXxjZAQOFjAsnaU2PXu/nn8TNi9N9h/</samlp:SessionIndex></samlp:LogoutRequest></s:Body></s:Envelope>
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SLO: Logout request is valid
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Found entityID http://auth.vm1.lemonsaml.linagora.com/saml/metadata in SAML message
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: http://auth.vm1.lemonsaml.linagora.com/saml/metadata match lemonldapng SP in configuration
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Signature is valid
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Destination http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP found in SAML message
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Destination match URL http://auth.vm2.lemonsaml.linagora.com/saml/singleLogoutSOAP
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SOAP response <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Body wsutil:Id=""><samlp:LogoutResponse ID="_CCA6680BA2797FCC06A03EF5BB31F4C8" InResponseTo="_3A43E6DC4747B114B1A4F29E7388B851" Version="2.0" IssueInstant="2010-05-28T12:59:33Z"><saml:Issuer>http://auth.vm2.lemonsaml.linagora.com/saml/metadata</saml:Issuer>\n\n\n\n\n\n\n\n\n\nw8JJ5aivST95HyUYDqgSrsUhr8U=\n\n\nh4vQZCx22lvWbgyYtiTTa0+Okqa3qmmttsP7NUtEO2dipFtTGVg2r5PbKnzTjUDY\npRY70rqKouSVv2ETJLUD/oCQNWcOhOfaO7LORVKUGe68v+sfC08Zu2S43IrwQ1ed\nNd9ss71gvgxkuiir5PY7NNo6oFQuI53m94vAWLgcKog=\n<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/></samlp:StatusCode></samlp:Status></samlp:LogoutResponse></s:Body></s:Envelope>
[Fri May 28 14:59:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub returnSOAPMessage
{quote}
We have a bad status code:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/></samlp:StatusCode>