Symantec Access Management

Expand all | Collapse all

An error occurred during the logout process. Please close your browser.

  • 1.  An error occurred during the logout process. Please close your browser.

    Posted 02-07-2018 09:32 PM

    I was trying to implement SLO. And after performing logout user is getting "An error occurred during the logout process. Please close your browser." in browser. What exactly is the error and how to fix this?

    Attachment(s)

    zip
    trace_ca_2.zip   28K 1 version
    zip
    fiddler2.saz.zip   36K 1 version


  • 2.  Re: An error occurred during the logout process. Please close your browser.

    Posted 02-07-2018 09:34 PM
    It could mean many thing.

    Can we see agent trace log ,FWSTrace.log and fiddler?




  • 3.  Re: An error occurred during the logout process. Please close your browser.

    Posted 02-08-2018 03:28 AM

    Hi, I have found something in FWSTrace.log:

    "TUNNEL STATUS:
       status  : 21
       message : Issuer is not found; unable to verify signature. Session ID: i9WMSTRJAdqb6pomtZA7jCr+FW8= Issuer: null:host]"

    Attaching traces.

    Attachment(s)

    zip
    fiddler2.saz.zip   36K 1 version
    zip
    trace_ca_2.zip   28K 1 version


  • 4.  Re: An error occurred during the logout process. Please close your browser.

    Posted 02-08-2018 04:54 AM

    Hi Marekw,

     

    We could see that the SLOSAMLRequest is not having valid Name ID, hence it is failing to process the logout.

    error:

    [02/08/2018][08:23:25][2901][140580036138752][1712419d-ef3b892c-8fd8528d-39d0bf9c-67c589f9-0e5][SLOService.java][handleLogout][
    TUNNEL STATUS:
    status : 10
    message : Name ID is invalid in the logout request. Issuer: SP:sp1 Session ID: i9WMSTRJAdqb6pomtZA7jCr+FW8=]
    [02/08/2018][08:23:25][2901][140580036138752][1712419d-ef3b892c-8fd8528d-39d0bf9c-67c589f9-0e5][SLOService.java][handleLogout][

     

    <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_4abac167-eebe-45c6-a791-d15dbeb227f4" Version="2.0" IssueInstant="2018-02-08T08:23:25Z" Destination="http://host.example.com:88/affwebservices/public/saml2slo" ><saml:Issuer>sp1</saml:Issuer><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" SPNameQualifier="sp1">host</saml:NameID></samlp:LogoutRequest>

     

    Below is the Name ID from SAML response:

    <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">SuperUser</ns2:NameID>

     

    Please check why SP is sending invalid NameID in logout request while redirecting to Siteminder.

     

    Thanks,
    Sharan



  • 5.  Re: An error occurred during the logout process. Please close your browser.

    Posted 02-08-2018 09:38 PM

    Hi, this "SuperUser" is my user name used to login. What should be there?

     

    I have :

    Name ID Format: Unspecified

    Name ID Type: User Attribute
    Value: name

    on my IdP to SP Assertion Configuration.

     

    Should I change this or SP is sending wrong request that should be more like:

    <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">sp1</ns2:NameID>

    ?



  • 6.  Re: An error occurred during the logout process. Please close your browser.

    Posted 02-28-2018 08:08 AM

    Hi,

     

    SP is sending the wrong nameID in the SLOSAMLRequest. Please ask them to send the valid nameID.

    <ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">SuperUser</ns2:NameID>

     

    Thanks,
    Sharan