0D50Z00008G7UgKSAV | Okta Classic Engine | Okta Integration Network | Answered | 2024-03-25T07:40:54.000Z | 2018-08-10T11:30:46.000Z | 2019-10-23T19:08:58.000Z
Okta SAML SLO response status is 'AuthnFailed'

I am integrating Okta SAML SP-initiated Single Logout (SLO) into an application. I am trying to make the SLO request using the HTTP Redirect binding. I configured SLO in the Okta dashboard. When I tried to make a request using the https://www.npmjs.com/package/saml2-js package, I got the SLO response 'AuthnFailed' (it indicates an invalid signature). So I rectified the problem, with the help of the support team, by making the request in the format below.

```
queryStr = "SAMLRequest=" + UrlEncodeStr(logoutReqXML) + "&SigAlg=" + UrlEncodeStr("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
signatureStr = signQueryStr(queryStr);
b64Signature = encodeBase64(signatureStr);
finalReqURL = idpSLOUrl + "?" + queryStr + "&Signature=" + UrlEncodeStr(b64Signature);
```

But, I didn't get the complete solution. By using the above pattern I got the SLO response as 'RequestDenied'.
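
The signing steps described in the question, written out for Node.js as an added example; it is not code from the original post, from saml2-js, or from Okta. It follows the SAML 2.0 HTTP-Redirect binding (raw DEFLATE and base64 before URL-encoding, which goes beyond the pseudocode above) and also shows the receiver-side check. The function names, the `idp.example.com` URL, the throwaway key pair and the minimal LogoutRequest are assumptions constructed for the demo.

```javascript
const crypto = require("node:crypto");
const zlib = require("node:zlib");

// SigAlg URI -> Node digest. The post used rsa-sha1; prefer rsa-sha256 when
// the IdP accepts it. The value must match what the IdP is configured for.
const SIG_ALGS = new Map([
  ["http://www.w3.org/2000/09/xmldsig#rsa-sha1", "sha1"],
  ["http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "sha256"],
]);

// SP side (hypothetical helper): build the signed SLO redirect URL.
function buildSignedRedirect(idpSloUrl, logoutReqXml, privateKey, sigAlg, relayState) {
  const digest = SIG_ALGS.get(sigAlg);
  if (!digest) throw new Error("unsupported SigAlg: " + sigAlg);
  // Redirect binding encoding: raw DEFLATE, then base64, then URL-encode.
  const b64 = zlib.deflateRawSync(Buffer.from(logoutReqXml, "utf8")).toString("base64");
  // Fixed order: SAMLRequest, optional RelayState, SigAlg.
  let signed = "SAMLRequest=" + encodeURIComponent(b64);
  if (relayState) signed += "&RelayState=" + encodeURIComponent(relayState);
  signed += "&SigAlg=" + encodeURIComponent(sigAlg);
  // The signature covers the exact octets of this encoded string.
  const sig = crypto.sign(digest, Buffer.from(signed), privateKey).toString("base64");
  return idpSloUrl + "?" + signed + "&Signature=" + encodeURIComponent(sig);
}

// Receiver side (hypothetical helper): verify over the parameters as received,
// never re-encoded, since re-encoding can change escapes and break the check.
function verifySignedRedirect(url, publicKey) {
  try {
    const raw = Object.create(null);
    for (const pair of url.slice(url.indexOf("?") + 1).split("&")) {
      const i = pair.indexOf("=");
      if (pair.slice(0, i) in raw) return false; // reject duplicated parameters
      raw[pair.slice(0, i)] = pair.slice(i + 1);
    }
    if (!raw.SAMLRequest || !raw.SigAlg || !raw.Signature) return false;
    const digest = SIG_ALGS.get(decodeURIComponent(raw.SigAlg));
    if (!digest) return false;
    let signed = "SAMLRequest=" + raw.SAMLRequest;
    if (raw.RelayState !== undefined) signed += "&RelayState=" + raw.RelayState;
    signed += "&SigAlg=" + raw.SigAlg;
    const sig = Buffer.from(decodeURIComponent(raw.Signature), "base64");
    return crypto.verify(digest, Buffer.from(signed), publicKey, sig);
  } catch { return false; } // malformed escapes or key errors fail closed
}

// Constructed demo: throwaway key, placeholder IdP URL, minimal request.
const demoKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const demoXml = '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>';
const demoUrl = buildSignedRedirect("https://idp.example.com/slo", demoXml, demoKeys.privateKey, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "state-1");
console.log(verifySignedRedirect(demoUrl, demoKeys.publicKey));
```

A signature mismatch on the receiving side usually traces back to one of three things visible here: the parameter order, a `SigAlg` that differs from the configured one, or signing bytes that differ from the bytes actually sent.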

 

 


  • mike.davie1.5312945692819849E12 (Customer First Programs)

    I see that you've already figured this out by working with one of my colleagues in support on the opened case you have with us. It seems that you had to specify the following in the SP configuration options.

    ```
    {
      name_id_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
      auth_context: {
        comparison: "exact",
        class_refs: ["urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"]
      }
    }
    ```

     

    Thank you!

    Okta Support.

    Selected as Best
  • KevinP.65141 (Customer)

    What is this method? signQueryStr I can't find this anywhere on the internet.

This question is closed.