OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Telling IdP about logout failure in LogoutResponse?

Hi Cantor,

Sorry for not being very clear in my previous message.

I just want to communicate back from SP to IdP that we were not able to process the LogoutRequest successfully.

Is there any particular attribute or element that we can include in the LogoutResponse that will convey this information to the IdP?

Looking at the spec, I can't find anything like this. Ref: [https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Section 3.7.2]


On Thu, Nov 5, 2015 at 8:11 PM, Cantor, Scott <cantor.2@osu.edu> wrote:
On 11/5/15, 7:36 AM, "Muhammad Anas" <anastts.pk@gmail.com> wrote:

>I am working on a SAML 2.0 Service Provider. We have implemented both IdP-Initiated and SP-Initiated Single Logout. I was wondering, if we receive a LogoutRequest from IdP but for some reason, are not able to invalidate the user's session on our end, can we communicate this logout failure back to IdP so that may be it can show an appropriate error message to the user or do any other proper handling?

You don't control, really, any aspect of a logout UI, but you communicate the result back in the LogoutResponse. I think I'm not understanding your question, because if you got to the point of actually implementing any of this, that would have been pretty self-evident, so maybe you can clarify.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]