Forums, Documentation & Knowledge Base - ComponentSpace

SLO - The request cannot be fulfilled because the message received does not meet the security requirements of the login service.


https://www.componentspace.com/forums/Topic11189.aspx

By seanrco - 10/6/2020

Hi,

We are currently using component space on a Service Provider (SP) web application. The client Identity Provider (IdP) in this case is running Shibboleth. SSO is working fine, but when trying to request SLO getting the following error message response:

Web Login Service - Message Security Error
The request cannot be fulfilled because the message received does not meet the security requirements of the login service.

Currently have the saml config PartnerIdentityProviders configured as follows (renamed some entries for privacy):


<PartnerIdentityProviders>
<PartnerIdentityProvider
Name="idp_name"
SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SingleLogoutServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
PartnerCertificateFile="_________.cer"
SingleLogoutServiceUrl="https://www.idp.domain/idp/profile/SAML2/POST/SLO"
SingleSignOnServiceUrl="https://www.idp.domain/idp/profile/SAML2/POST/SSO" />
</PartnerIdentityProviders>


I've attached the following logs for additional information:

-- Logout_Post = Post made by our SP to IdP SLO.
-- Logout_Response = Response back from IdP SLO.
-- slo-error = Shibboleth IdP log provided by client with responses.

Not sure what we should troubleshoot from here? Thanks in advance for the help!

EDIT: Removed original log attachments from topic after resolution for privacy.
By ComponentSpace - 10/7/2020

You're very welcome. Thanks for the update.