Thanks for sending the log file.
Please note that the "pending SAML action is being overridden" is a debug message and doesn't necessarily indicate an error.
The log shows the following sequence:
1. SAMLServiceProvider.InitiateSLO is called to create and send a SAML logout request to the IdP. 2. SAMLServiceProvider.InitiateSSO is called to create and send a SAML authn request to the same IdP.
This results in the debug message you see as we're expecting to receive a SAML logout response.
If the sequence was the following, you wouldn't see this debug message:
1. SAMLServiceProvider.InitiateSLO is called to create and send a SAML logout request to the IdP. 2. SAMLServiceProvider.ReceiveSLO to receive and process the SAML logout response from the IdP. 3. SAMLServiceProvider.InitiateSSO is called to create and send a SAML authn request to the same IdP.
Make sure that your logout service endpoint calls SAMLServiceProvider.ReceiveSLO to receive and process the SAML logout response. This completes the SAML logout flow.
Once that completes, the user is able to again SSO to the IdP.
You can keep track of this state within your application. Alternatively, SAMLServiceProvider.IsSLOCompletionPending() returns true if a SAML logout response is pending.
Regards ComponentSpace Development
|