Invalid signature parameters sent from Office365 in SAML 2.0 LogoutRequest (SP-Initiated)

    Question

  • I'm using Office 365 with my Identity Provider for login, which works successfully. But after pressing Sign out, Office 365 sends my Identity Provider a Logout Request in SAML 2.0. The request is sent by HTTP-Redirect and looks like this:

    SAMLRequest:lVLNb9sgFL9P6v+AuGP8IFkj5LirFFWy1HbS+nHYpQKMOyYbUh6pkv31I0576yb1yOP3Ca+52E8jeXUJfQxrClVNiQs29j48r+nD/RVb0Yv27EuDehq36jo+x13+4V52DjMp1IBqvlnTXQoqavSogp4cqmzV3eXNtRJVrbYp5mjjSEm3WdMnfW4AtDVsL2HB5FewzEi9YqYeBQyL3wmEpOTxPZQ4huoQd64LmHXIZVTDitULBvJe1GoplJSVkPVPSjYlmA86z8xfOW9RcT4dmO9dyD4fWMnyWg6psnGqTOK+33IcI6elJSGkmY3Sqdv/W2lEl45GtD3CBldUZ2N1422KGIf8PYw+uIafRN8cbotSt/mcA7mKadL533CoYJ74ng0zVLlJ+/Gy75NDpO3+8OdbeYZ52PBThLc8p6+9K7Di1IXe7dsnCdaBXg5MiyUwKYxmYDUwYc6tsU4sDciGf8Asq8I/2JX2Lw==
    Signature:Gp83CE6jm7b+Cv8lbg7TDCIWtO1a7Ml+Y5bN1+UuVzoZYf0WytrV3bnYssmLnvzbGn4XSIjbc7QPnlIcnnGSTw2LkMHy3qu0CCQaiXIZZKdvTSgaItAvUIaOS8bR8C9F6LzY1u/nkKrZDc4yFaU+RknzXVoN8I7C7qpQ+WVxuWYZgovqKrLsKrugvbxPQL1NMQ3fLMiPHvRCDhgIbDbr6N3th4HPcVC+GCGd/tVDQYL7QHu0FIAsayz2XVDsPfTnGAfNrOQDVCkH7vmq7fs4m3LDQP3uX1Ya/Ezml8UM/bJ4FOysM1RWJ60SRti2/Yh+tuseRRebEnc8p3SmMuyT4g==
    SigAlg:http://www.w3.org/2000/09/xmldsig#rsa-sha1
    PS: The SAML Request has been changed because I need to omit some information in order to send this post.

    To validate the signature, I tried using the certificates present in https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml but without success.

    The signatures of the other Service Providers are validated successfully; only Office365 does not succeed (with HTTP-Redirect Binding).

    As a final check, I used the OneLogin tool to validate the logout request (https://www.samltool.com/validate_logout_req.php) and I got the same result (Invalid Signature) for the request sent by Office365.

    Can someone help with this problem?
    Monday, April 16, 2018 12:31 AM
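
One check that applies when an HTTP-Redirect signature fails for a single Service Provider: the SAML 2.0 bindings specification computes the signature over `SAMLRequest=…&RelayState=…&SigAlg=…` using the URL-encoded values exactly as received, because URL-encoding is not canonical. The sketch below is an added example, not code from the original post or from any product named in it; the function names and the sample query string are constructed for illustration, and the result of `signed_octets` is what would be passed to the RSA-SHA1 verification.

```python
import hashlib
from urllib.parse import quote, unquote

SIGNED_ORDER = ("SAMLRequest", "RelayState", "SigAlg")  # order fixed by the binding

def raw_params(raw_query: str) -> dict:
    """Split a query string WITHOUT percent-decoding the values."""
    params = {}
    for pair in raw_query.split("&"):
        name, _, value = pair.partition("=")
        if name in params:
            # Ambiguous input: refuse rather than guess which copy was signed.
            raise ValueError(f"duplicate parameter: {name}")
        params[name] = value
    return params

def signed_octets(raw_query: str) -> bytes:
    """Bytes the signature covers, using the values as received."""
    p = raw_params(raw_query)
    if "SAMLRequest" not in p or "SigAlg" not in p or "Signature" not in p:
        raise ValueError("not a signed SAML redirect request")
    return "&".join(f"{k}={p[k]}" for k in SIGNED_ORDER if k in p).encode("ascii")

def reencoded_octets(raw_query: str) -> bytes:
    """Common mistake: decode each value, then encode it again."""
    p = raw_params(raw_query)
    return "&".join(
        f"{k}={quote(unquote(p[k]), safe='')}" for k in SIGNED_ORDER if k in p
    ).encode("ascii")

# Constructed sample: lowercase percent-escapes, parameters out of order.
SAMPLE = ("SigAlg=http%3a%2f%2fwww.w3.org%2f2000%2f09%2fxmldsig%23rsa-sha1"
          "&Signature=c2ln%2bA%3d%3d&SAMLRequest=lVLN%2bb9s%3d")

if __name__ == "__main__":
    for label, fn in (("as received", signed_octets), ("re-encoded", reencoded_octets)):
        data = fn(SAMPLE)
        # Different digests mean the same signature cannot verify against both.
        print(label, hashlib.sha1(data).hexdigest(), data.decode())
```

If the two digests differ for a captured request, the validator must be fed the raw query string from the web server rather than values rebuilt from a decoded parameter map.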