SAML - HTTP-Redirect instead of HTTP-POST at Single Logout Skip to main content
https://support.okta.com/help/answers?id=9062a000000bm67qaa&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Piet HeijnPiet Heijn 

SAML - HTTP-Redirect instead of HTTP-POST at Single Logout


Hi there!

I'm currently building an online php application for which I'm using Okta as Identity Provider. It's a mulit tenant app (tenants are recognized by url (ex. https://server.com/saml/{tenant}/login)).

Single Sign On is working just fine, but the fact that Single Logout doesn't work is becoming a big issue. I figured that it's because the library I use (onelogin/php-saml), only supports the HTTP-Redirect binding at SLO, but Okta sends a HTTP-POST response by default. Is there an option so that we Okta uses HTTP-Redirect instead of HTTP-POST?

Thanks in advance!
- Roban


BTW: Here is the error and stacktrace I constantly get: OneLogin_Saml2_Error in Auth.php line 211: SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding in Auth.php line 211 at OneLogin_Saml2_Auth->processSLO(false, null, true, object(Closure)) in Saml2Auth.php line 110 at Saml2Auth->sls(true) in Saml2Controller.php line 87 at Saml2Controller->sls('demo') at call_user_func_array(array(object(Saml2Controller), 'sls'), array('tenant' => 'demo')) in Controller.php line 80 at Controller->callAction('sls', array('tenant' => 'demo')) in ControllerDispatcher.php line 146 at ControllerDispatcher->call(object(Saml2Controller), object(Route), 'sls') in ControllerDispatcher.php line 94 at ControllerDispatcher->Illuminate\Routing\{closure}(object(Request)) at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52 at Pipeline->Illuminate\Routing\{closure}(object(Request)) at call_user_func(object(Closure), object(Request)) in Pipeline.php line 102 at Pipeline->then(object(Closure)) in ControllerDispatcher.php line 96 ...
Ezazul BhuiyanEzazul Bhuiyan (Okta, Inc.)
Hi Piet,

Thank you for contacting Okta support. Looks liek there was a case previously opened for this issue with Case Number
00218266

I've researched this issue and Okta only sends a HTTP-POST response for single logout requests.
If you require Okta to send a HTTP-Redirect or cannot alter your app to accept HTTP-POST, this is something Okta don't have with the current offering.

Looks like you have already posted this on the community forum-

https://support.okta.com/help/articles/Knowledge_Article/Submit-Product-Ideas-to-the-Okta-Community

This area is regularly monitored by our Product Management team and if they find the feature request is popular, they might consider it as part of the product roadmap. 

As part of our Support process, usually we will close out this support ticket as there is no further action require from support side. However, could you let me know if you have further concerns on this before we proceed to resolve this ticket?
 
Thank You,

Okta Global Customer Care