Normally Shibboleth expects the logout messages to be signed. To do so, please add the following to your <PartnerIdentityProvider> configuration:
SignLogoutRequest="true" SignLogoutResponse="true"
This also requires that you configure a local certificate/private key (eg PFX file) as part of your <ServiceProvider> configuration. The private key is used to sign the logout messages. Shibboleth will need to be configured with the certificate so it can verify the signatures.
Regards ComponentSpace Development
|