[Migration] Signing the SAML Logout Response for IDP Initiated SSO Flow #16325

Closed
ImalshaG opened this issue Jul 26, 2023 · 0 comments

Comments

@ImalshaG
Contributor

In previous IS versions, when response signing is enabled for an SP, the SAML logout response is signed for SP initiated SSO flows but is not signed for IDP initiated SSO flows. This bug was fixed through wso2-extensions/identity-inbound-auth-saml#399, so the behaviour now changes: a signed logout response is received for both SP initiated and IDP initiated SSO flows if response signing is enabled.

After this change, by default, the SAML logout response for SP initiated SSO and IDP initiated SSO login flows will be signed if the Enable Response Signing property is enabled in the Service Provider. But if a customer requires the previous behaviour where the SAML logout response during IDP initiated SSO flow is not signed, the following config can be added to the deployment.toml.

```toml
[saml]
enable_saml_idp_init_logout_response_signing = false
```

Related issue: #16207
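A structural check an SP-side tester could run on a decoded LogoutResponse (HTTP-POST binding) to see which of the two behaviours described above a deployment exhibits. This is an added example, not part of the original issue or of WSO2 code; the function names and sample XML are constructed, and the check does not validate the signature cryptographically.

```python
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted input

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def logout_response_signature_state(xml_text):
    """Classify a decoded LogoutResponse as 'signed', 'unsigned' or 'suspicious'.

    Structural check only; the signature value is NOT cryptographically verified.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}LogoutResponse" % NS["samlp"]:
        raise ValueError("not a samlp:LogoutResponse")
    # An enveloped signature is a direct child of the element it protects.
    sigs = root.findall("ds:Signature", NS)
    if not sigs:
        return "unsigned"
    refs = sigs[0].findall("ds:SignedInfo/ds:Reference", NS)
    resp_id = root.get("ID")
    # SAML requires a single Reference pointing at the message's own ID;
    # anything else means the signature covers different content.
    if len(sigs) != 1 or len(refs) != 1 or not resp_id:
        return "suspicious"
    return "signed" if refs[0].get("URI") == "#" + resp_id else "suspicious"

# Constructed sample messages (not captured from a real deployment).
def sample_signature(uri):
    return ('<ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo>'
            '<ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>' % uri)

def sample_response(signature_xml=""):
    return ('<samlp:LogoutResponse xmlns:samlp="%s" xmlns:ds="%s" ID="_resp1" '
            'Version="2.0" IssueInstant="2023-07-26T00:00:00Z">%s<samlp:Status>'
            '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
            '</samlp:Status></samlp:LogoutResponse>'
            % (NS["samlp"], NS["ds"], signature_xml))

if __name__ == "__main__":
    cases = {"response signing applied": sample_response(sample_signature("#_resp1")),
             "response signing not applied": sample_response(),
             "reference to another element": sample_response(sample_signature("#_other"))}
    for label, doc in cases.items():
        print(label, "->", logout_response_signature_state(doc))
```

A result of `signed` only shows that the message carries a correctly placed signature element; the SP's SAML library still has to validate it against the IdP certificate.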
