I am using MS CRM dynamic CRM portal as SP and using Okta as IDP. I can succesfully login. And when I tried to logout getting
<saml2p:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:AuthnFailed”/> </saml2p:Status>
In saml2p:LogoutResponse response. Please suggest what is the error due to that at IDP side signout is not working. Please help on this .
Have you setup logout at Okta, sorry for a dumb question?
Yes, I have setup logout at Okta end. I have uploaded Okta certificate in advance setting and configure single signout url.
Logout Request
<saml2p:LogoutRequest xmlns:saml2p=“urn:oasis:names:tc:SAML:2.0:protocol” xmlns:saml2=“urn:oasis:names:tc:SAML:2.0:assertion” ID="_b1b21e4f-d38a-42b3-87e2-20c9048117af" Version=“2.0” IssueInstant=“2020-04-19T12:38:05.7909718Z” Destination=“https://dev-468059.okta.com/app/gldev468059_communitytip_1/exk5m6moirfv8qays4x6/slo/saml” NotOnOrAfter=“2020-04-19T12:48:05.7909718Z”>
saml2:Issuerhttp://www.okta.com/exk5m6moirfv8qays4x6</saml2:Issuer>
<saml2:NameID Format=“urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified”>rajnath1987@gmail.com</saml2:NameID>
saml2p:SessionIndex_243bdf2a-eeaf-4942-a5ad-9c6b7920aeea</saml2p:SessionIndex>
</saml2p:LogoutRequest>
I checked in Okta System Log, getting following message
User single sign out from app
failure : Invalid Signature
Then the certificate, which you uploaded to okta is not the correct one from MS CRM. Double check, it’s a correct certificate
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.