<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008C3jp0SABOkta Classic EngineOkta Integration NetworkAnswered2025-06-14T10:29:51.000Z2017-11-28T14:59:04.000Z2017-11-28T14:59:04.000Z

MANOJS.32253 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Getting 403 error on logout
Hi Team, I am trying to configure SAML SLO. When logout request is sent from my SP, I am getting 403 error. below is my saml logout request

  
  1.  <samlp:LogoutRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://dev-999713.oktapreview.com/app/zohodev999713_samlidp_1/exkd1fnqm7P9leWe20h7/slo/saml" ID="ME_a4001cf3-9151-4d52-8217-c26703db525d" IssueInstant="2017-11-28T14:49:18Z" Version="2.0"> <saml:Issuer>https://manoj-3374:9988/mc/SamlSPMetaServlet</saml:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#ME_a4001cf3-9151-4d52-8217-c26703db525d"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>Ho1zJuQ2GWuS03KpuJSpL4UJJj0=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> gz2mUQy+/8/rHtXJpns/HPOKOeOWpue39IENs4FSmUni6KF0kyjT8E5XobwRCrT1TqzmQuCVfGuE OCrMFu+C/IG5SPb3eXG2EEP3Krc5JqLL5sf/PVuIV6HSJWUNniO/IGCOI/5Ny1k2WF3tvC9ihhJc tAgKB9kiYW6wp2/UwyYIIdZWCUqWGQQa9L+1Z0G6SUfwaQZ92JRgWl1WBXCRJs8tGRfpJn9motzD jNn1griN7zfOR2j+VysTZJ2599Jonoa25Te5tgkS3upBK579j7XYx3q26tJctC1zRtfWd0dml11l ycvMVFA+GdLpjzCtcGnAd8LG73lL6h7L1bHz7Q== </ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIDRDCCAiwCCQDZCHUD4hLI6jANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJJTjELMAkGA1UE CBMCVE4xEDAOBgNVBAcTB0NIRU5OQUkxDTALBgNVBAoTBFpPSE8xJzAlBgNVBAMTHm1hbm9qLTMz NzQuY3Nlei56b2hvY29ycGluLmNvbTAeFw0xNzExMTMwOTM1NTZaFw0xODExMTMwOTM1NTZaMGQx CzAJBgNVBAYTAklOMQswCQYDVQQIEwJUTjEQMA4GA1UEBxMHQ0hFTk5BSTENMAsGA1UEChMEWk9I TzEnMCUGA1UEAxMebWFub2otMzM3NC5jc2V6LnpvaG9jb3JwaW4uY29tMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAut6HptaSxrLrBvsDa2R+c86jwgpcTUemoBO6QYnNkgwALWfZamTI 0V0ibMvKrYi4kSbpZ6NJDSV3iI3Etbl9fsLOST1OE5VyzFzajrw17KCofwHhx1hZjCKDuii5xE5r Q+fDuCRLr1Fr/TBHgNCK1NaecibimY+YW31oCDjCyBFpGMcv6pU6A5w/P7CNGkhpugbl+MQY/6zD A19yy+3bJbNMR1IYSraUpxT8GUfQlsM5qnY4amRSq99lFr84xrVypKhf+IzGs9VuFVU9/RhQCTt0 qeaJEv1kmrcNuvG5nO4/fAI74O66w8MdyT8MjUP4tiyDHfifFfJ+CKZkRE/tPQIDAQABMA0GCSqG SIb3DQEBBQUAA4IBAQCGTC7zABPYsxKTtjILpGPZnOTl+lEYSIByNOiwrCE/rP7Caff/horVpIW0 PbjP8LcpCy0mBGP7IynOipNkG8ynWcPUf29RQlCK5lIT9bhOTylsxceegsuW2SzVcxnyYoFLZY+G LD+qf5ONKAanJ75YPzRX1rdEvpGEeH25wdl5/cLQqLqw+LzCKfypJldDw+KWuVVX4wjZ7XaaZzhT xvvJhP/mPDtpZJL1EiIErICy9qqRiCl+Z6Eab4DwS01iJxAHmtGTuLVo0+DEr6z4ovJ0LHUDP/TK Xgw+M4IMW0rTzeaKV4hDHauYE1A89FOdMXc32QRD+yeuOh9k7i5OLoqX </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" SPNameQualifier="https://manoj-3374:9988/mc/SamlSPMetaServlet">manojkumar.krishnamurthy@zohocorp.com</saml:NameID> </samlp:LogoutRequest>
 Kindly assist me on this. 

  • 1 answer
  • 1.43K views

  • JP Manansala (Okta, Inc.)

    Hi Manoj,

     

    Thanks for posting your inquiry in Okta Support Community Portal.

     

    You need to make sure you enable the "Enable Single Logout" feature in Custom AIW SAML wizard and correctly input the following (assuming the SLO function is support by the SP):

     

    SP SLO URL

    SP Issuer

    Public Key Certificate

     

    But I do recommend to submit an Okta support case to further assist you on this function.

     

    Best,

     

    JP Manansala

    Expand Post
This question is closed.
Loading
Getting 403 error on logout