Hello,
I'm working on integration between PicketLink (as SP) and OpenAM (as
IdP), using the picketlink-federation-saml-sp-with-metadata example.
While I succedeed to get login working, when I click on the Logout link,
I'm redirected to the SingleSignOnService URL (with a logout
assertion) instead of the SingleLogoutService one (see the
sp-metadata.xml attachment). As you can see, the "Destination" in the
LogoutRequest is correct, but the POST is send to another URL:
--8<--
POST
http://idp.tests.opencsi.com/openam/SSOPOST/metaAlias/example/idp HTTP/1.1
Host:
idp.tests.opencsi.com
--8<--
Note the SSOPOST is only referenced as SingleSignOnService in the
metadata.xml
I tried to read the picketlink code souce, but I'm not a java
developper, so I don't understand when the getLogoutURL function of
CoreConfigUtil is called!
By the way, I was not able to find the code source (in git) of
picketlink versions used in JBoss EAP (like the 2.5.3.SP10 used in JBoss
EAP 6.3, only a 2.5.3Beta can be found in github) it doesn't help
debugging! Is the tag/branch available somewhere?
Thanks!
--
http://www.opencsi.com/