Symantec Access Management

  • 1.  An error occurred during the logout process. Please close your browser.

    Posted Feb 07, 2018 09:32 PM

    I was trying to implement SLO. After performing logout, the user is getting "An error occurred during the logout process. Please close your browser." in the browser. What exactly is the error and how do I fix it?

    Attachment(s): trace_ca_2.zip (28 KB), fiddler2.saz.zip (36 KB)


  • 2.  Re: An error occurred during the logout process. Please close your browser.

    Posted Feb 07, 2018 09:34 PM
    It could mean many things.

    Can we see the agent trace log, FWSTrace.log and Fiddler?




  • 3.  Re: An error occurred during the logout process. Please close your browser.

    Posted Feb 08, 2018 03:28 AM

    Hi, I have found something in FWSTrace.log:

    "TUNNEL STATUS:
       status  : 21
       message : Issuer is not found; unable to verify signature. Session ID: i9WMSTRJAdqb6pomtZA7jCr+FW8= Issuer: null:host]"

    Attaching traces.

    Attachment(s): fiddler2.saz.zip (36 KB), trace_ca_2.zip (28 KB)


  • 4.  Re: An error occurred during the logout process. Please close your browser.

    Posted Feb 08, 2018 04:54 AM

    Hi Marekw,

     

    We could see that the SLOSAMLRequest does not have a valid Name ID, hence it is failing to process the logout.

    error:

    [02/08/2018][08:23:25][2901][140580036138752][1712419d-ef3b892c-8fd8528d-39d0bf9c-67c589f9-0e5][SLOService.java][handleLogout][
    TUNNEL STATUS:
    status : 10
    message : Name ID is invalid in the logout request. Issuer: SP:sp1 Session ID: i9WMSTRJAdqb6pomtZA7jCr+FW8=]
    [02/08/2018][08:23:25][2901][140580036138752][1712419d-ef3b892c-8fd8528d-39d0bf9c-67c589f9-0e5][SLOService.java][handleLogout][

     

    <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_4abac167-eebe-45c6-a791-d15dbeb227f4" Version="2.0" IssueInstant="2018-02-08T08:23:25Z" Destination="http://host.example.com:88/affwebservices/public/saml2slo" ><saml:Issuer>sp1</saml:Issuer><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" SPNameQualifier="sp1">host</saml:NameID></samlp:LogoutRequest>

     

    Below is the Name ID from SAML response:

    <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">SuperUser</ns2:NameID>

     

    Please check why the SP is sending an invalid NameID in the logout request while redirecting to Siteminder.

     

    Thanks,
    Sharan



  • 5.  Re: An error occurred during the logout process. Please close your browser.

    Posted Feb 08, 2018 09:38 PM

    Hi, this "SuperUser" is my user name used to log in. What should be there?

     

    I have:

    Name ID Format: Unspecified

    Name ID Type: User Attribute
    Value: name

    on my IdP to SP Assertion Configuration.

     

    Should I change this, or is the SP sending a wrong request that should be more like:

    <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">sp1</ns2:NameID>

    ?



  • 6.  Re: An error occurred during the logout process. Please close your browser.

    Posted Feb 28, 2018 08:08 AM

    Hi,

     

    The SP is sending the wrong nameID in the SLOSAMLRequest. Please ask them to send the valid nameID.

    <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">SuperUser</ns2:NameID>

     

    Thanks,
    Sharan
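
The mismatch diagnosed in this thread can be checked offline from captured traces. The following is an added example, not part of the original posts and not SiteMinder code: it extracts the NameID from the LogoutRequest and from the assertion fragment quoted in reply 4 and lists the differences. The function names, the `ns2:Subject` wrapper and the strict string comparison of value and Format are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NAMEID_TAG = f"{{{SAML_NS}}}NameID"

# LogoutRequest as captured in the thread (reply 4).
LOGOUT_REQUEST = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="ONELOGIN_4abac167-eebe-45c6-a791-d15dbeb227f4" Version="2.0" '
    'IssueInstant="2018-02-08T08:23:25Z" '
    'Destination="http://host.example.com:88/affwebservices/public/saml2slo">'
    '<saml:Issuer>sp1</saml:Issuer>'
    '<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" '
    'SPNameQualifier="sp1">host</saml:NameID></samlp:LogoutRequest>'
)

# NameID from the SAML response in the thread. The ns2:Subject wrapper is
# constructed here only so the ns2 prefix is declared and the fragment parses.
ASSERTION_FRAGMENT = (
    '<ns2:Subject xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">'
    'SuperUser</ns2:NameID></ns2:Subject>'
)

def extract_name_id(xml_text):
    """Return value and Format of the first saml:NameID in a captured message.

    Intended for traces you captured yourself; use a hardened parser such as
    defusedxml before feeding it XML from an untrusted source.
    """
    root = ET.fromstring(xml_text)
    node = next(root.iter(NAMEID_TAG), None)  # iter() also matches the root
    if node is None:
        raise ValueError("no saml:NameID element found")
    return {"value": (node.text or "").strip(), "format": node.get("Format")}

def compare_name_ids(issued, requested):
    """List the fields where the logout NameID differs from the issued one."""
    return [
        f"{field}: assertion={issued[field]!r} logout={requested[field]!r}"
        for field in ("value", "format")
        if issued[field] != requested[field]
    ]

if __name__ == "__main__":
    issued = extract_name_id(ASSERTION_FRAGMENT)
    requested = extract_name_id(LOGOUT_REQUEST)
    for problem in compare_name_ids(issued, requested) or ["NameID matches"]:
        print(problem)
```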