Hi,
I’m using an Auth0 application with the SAML add-on enabled for an application which has multiple service providers. (The service providers are not configured in Auth0.)
I’m getting the below error when submitting a LogoutRequest:
No active session(s) found matching LogoutRequest
SAML add-on configuration:
{
  "mappings": {
    "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "upn": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "groups": "http://schemas.xmlsoap.org/claims/Group"
  },
  "createUpnClaim": true,
  "passthroughClaimsWithNoMapping": true,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": true,
  "signatureAlgorithm": "rsa-sha1",
  "digestAlgorithm": "sha1",
  "lifetimeInSeconds": 3600,
  "signResponse": false,
  "typedAttributes": true,
  "includeAttributeNameFormat": true,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
  ],
  "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
  "logout": {
    "callback": "https://tenant.auth0.com/samlp/hash/logout",
    "slo_enabled": true
  },
  "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
}
Note that the audience, recipient and destination parameters are not set because I have multiple service providers with different URLs. Therefore those values will be taken from the request itself (according to the documentation). However, I believe Auth0 compares the issuer value in the logout request with the audience value in the config. In my case there’s no audience value in the config.
I was told that
If you have multiple service providers you should create an application with the SAML add-on for each of them.
My question is: can I create multiple SAML add-ons for one application? If not, how can I create multiple applications with the same metadata.xml (with the same login URL)? Because my application supports only one IdP.
Thanks.
Yasith
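To make the error in the post concrete, here is an added example (not Auth0's code and not from the original post) of how an identity provider side typically matches an SP-initiated LogoutRequest against its active sessions: it parses the request, extracts the Issuer, NameID and SessionIndex elements defined by SAML 2.0, and looks for sessions whose SP entity ID, NameID and session index all agree. The optional `expected_audience` check models the poster's hypothesis that the request's issuer is compared with a configured audience; that comparison, the session-store layout and the sample request and session records are all constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used by a LogoutRequest.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: a LogoutRequest sent by one of several service providers.
# The Destination is the logout callback from the configuration in the post;
# the issuer, NameID and session index are made-up values.
SAMPLE_LOGOUT_REQUEST = """<?xml version="1.0" encoding="UTF-8"?>
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-request-1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z"
    Destination="https://tenant.auth0.com/samlp/hash/logout">
  <saml:Issuer>https://sp-one.example.com/metadata</saml:Issuer>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user@example.com</saml:NameID>
  <samlp:SessionIndex>_sess-1</samlp:SessionIndex>
</samlp:LogoutRequest>
"""

# Constructed sample: the IdP's view of sessions it issued, one per SP login.
SAMPLE_SESSIONS = [
    {"sp_entity_id": "https://sp-one.example.com/metadata",
     "name_id": "user@example.com", "session_index": "_sess-1"},
    {"sp_entity_id": "https://sp-two.example.com/metadata",
     "name_id": "user@example.com", "session_index": "_sess-2"},
]

NO_SESSION_MESSAGE = "No active session(s) found matching LogoutRequest"


def parse_logout_request(xml_text):
    """Extract the fields an IdP needs to locate the session(s) being closed."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        raise ValueError("not a samlp:LogoutRequest")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    name_id = root.find("saml:NameID", NS)
    return {
        "issuer": issuer.strip() if issuer else None,
        "name_id": name_id.text.strip() if name_id is not None else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        # SessionIndex is optional and may repeat; an empty list means "all sessions".
        "session_indexes": [e.text.strip() for e in root.findall("samlp:SessionIndex", NS)],
    }


def find_matching_sessions(request, sessions, expected_audience=None):
    """Return the sessions that the LogoutRequest refers to.

    A session matches when it was issued to the requesting SP (Issuer),
    for the same subject (NameID) and, if the request names session
    indexes, for one of those indexes. The expected_audience parameter is
    an assumption modelling a single configured audience: when set, a
    request from any other issuer matches nothing.
    """
    if expected_audience is not None and request["issuer"] != expected_audience:
        return []
    matches = []
    for session in sessions:
        if session["sp_entity_id"] != request["issuer"]:
            continue
        if session["name_id"] != request["name_id"]:
            continue
        if request["session_indexes"] and session["session_index"] not in request["session_indexes"]:
            continue
        matches.append(session)
    return matches


def logout_outcome(xml_text, sessions, expected_audience=None):
    """Describe what the IdP would do with the request: which sessions it ends, or the error."""
    request = parse_logout_request(xml_text)
    matches = find_matching_sessions(request, sessions, expected_audience)
    if not matches:
        return NO_SESSION_MESSAGE
    return "ending %d session(s) for %s" % (len(matches), request["issuer"])


if __name__ == "__main__":
    # Multiple SPs, no fixed audience: the session is found by issuer.
    print(logout_outcome(SAMPLE_LOGOUT_REQUEST, SAMPLE_SESSIONS))
    # A single configured audience that differs from the requesting SP: the error from the post.
    print(logout_outcome(SAMPLE_LOGOUT_REQUEST, SAMPLE_SESSIONS,
                         expected_audience="https://sp-two.example.com/metadata"))
```

Running the block shows the two cases side by side: with no fixed audience the request from `sp-one` finds its own session, while pinning the audience to another SP's entity ID produces the same "No active session(s) found" outcome for that request. Whatever the actual cause in Auth0, checking that the Issuer, NameID (including its Format) and SessionIndex in the LogoutRequest are exactly those the IdP issued at login is the first thing to verify when this error appears.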