在我的应用程序中,单次注销工作正常,但在 Idp 上处理注销请求后,我在 /Saml2/Acs 点得到响应。我不确定这个 URL 是从哪里来的,所以有什么特别的方法可以在 SP 端配置这个端点,因为我无法控制 Idp。
为了提供更多详细信息,以下是登录/注销请求响应
<!-- Loging Request -->
<saml2p:AuthnRequest
AssertionConsumerServiceURL="https://service.provider.com/server/Saml2/Acs"
Destination="https://identity.provider.com/nidp/saml2/sso" ID="id969024c5919e47148622d87bd40724ad"
IssueInstant="2019-04-08T10:51:03Z" Version="2.0"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2:Issuer>https://service.provider.com</saml2:Issuer>
<saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>
<!-- Loging Request -->
<!-- ##### -->
<!-- Login Response -->
<samlp:Response Destination="https://service.provider.com/server/Saml2/Acs"
ID="idNammIIHbKBac2pGfdbHqHFTwy9w" InResponseTo="id969024c5919e47148622d87bd40724ad"
IssueInstant="2019-04-08T10:51:49Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer>https://identity.provider.com/nidp/saml2/metadata</saml:Issuer>
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<saml:Assertion ID="idqn4Szd8L-wAJQojG9-4j-JAaXzo" IssueInstant="2019-04-08T10:51:49Z" Version="2.0">
<saml:Issuer>https://identity.provider.com/nidp/saml2/metadata</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns="http://www.w3.org/2000/09/xmldsig#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#idqn4Szd8L-wAJQojG9-4j-JAaXzo">
<ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">/KjwtCOlMQllJ8/rw22iowBNeEM=</DigestValue>
</ds:Reference>
</ds:SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
SIGNARTURE-REMOVED
</SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
CERTIFICATE-REMOVED
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="https://identity.provider.com/nidp/saml2/metadata"
SPNameQualifier="https://service.provider.com">00001234</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="id969024c5919e47148622d87bd40724ad"
NotOnOrAfter="2019-04-08T10:56:49Z"
Recipient="https://service.provider.com/server/Saml2/Acs"/></saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2019-04-08T10:46:49Z" NotOnOrAfter="2019-04-08T10:56:49Z">
<saml:AudienceRestriction>
<saml:Audience>https://service.provider.com</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2019-04-08T10:45:27Z"
SessionIndex="idqn4Szd8L-wAJQojG9-4j-JAaXzo">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="achternaam"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml:AttributeValue xsi:type="xs:string">LastName</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="rollen" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml:AttributeValue xsi:type="xs:string">role</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml:AttributeValue xsi:type="xs:string">f.lastname@company.come</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="tussenvoegsel"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml:AttributeValue xsi:type="xs:string">middle</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="voornaam" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml:AttributeValue xsi:type="xs:string">FirstName</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="uniqueid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml:AttributeValue xsi:type="xs:string">00001234</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
<!-- Login Response -->
<!-- ##### -->
<!-- Logout Request -->
<saml2p:LogoutRequest Destination="https://identity.provider.com/nidp/saml2/slo"
ID="idd2e66a13b3ed43b29a9fd06724723ea2" IssueInstant="2019-04-08T10:52:54Z" Version="2.0"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2:Issuer>https://service.provider.com</saml2:Issuer>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NameQualifier="https://identity.provider.com/nidp/saml2/metadata"
SPNameQualifier="https://service.provider.com">00001234</saml2:NameID>
<saml2p:SessionIndex>idqn4Szd8L-wAJQojG9-4j-JAaXzo</saml2p:SessionIndex>
</saml2p:LogoutRequest>
<!-- Logout Request -->
<!-- ##### -->
<!-- Logout Response -->
<samlp:LogoutResponse Destination="https://service.provider.com/server/Saml2/Acs"
ID="idIANzyBI5tg2fB2dWOxcSrDA4bko" InResponseTo="idd2e66a13b3ed43b29a9fd06724723ea2"
IssueInstant="2019-04-08T10:52:55Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer>https://identity.provider.com/nidp/saml2/metadata</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns="http://www.w3.org/2000/09/xmldsig#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#idIANzyBI5tg2fB2dWOxcSrDA4bko">
<ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">dcdadDJVjgx1hzfs/OK0eBHVbEc=</DigestValue>
</ds:Reference>
</ds:SignedInfo>
<SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
SIGNARTURE-REMOVED
</SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
CERTIFICATE-REMOVED
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
</samlp:LogoutResponse>
<!-- Logout Response -->