
sairama.94897 (Customer) asked a question.
I have enabled single logout in Okta with signoutUrl, spIssuer, and the SP certificate, i.e. exported from the spkeystore.
BindingType: HTTP-Redirect
Please find the below LogoutRequest and Response:
*SAML LogoutRequest:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:LogoutRequest Destination="https://dev-368508.oktapreview.com/app/wittydev368508_samplesamlapplication_1/exkffil8u7n6aI3aF0h7/slo/saml"
ID="_5yfpkrb3ltfv7gcrjtoovsuiei9gpveo6gpbgjz"
IssueInstant="2019-01-23T11:20:56.253Z"
Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:mace:saml:wavity.org</saml2:Issuer>
</saml2p:LogoutRequest>
-------------------------------------------------------------------------------------------------------------------------------
*SAML LogoutResponse:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:LogoutResponse xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://witty.wavity.net/auth/logout"
ID="id119722988383056781797678074"
InResponseTo="_5yfpkrb3ltfv7gcrjtoovsuiei9gpveo6gpbgjz"
IssueInstant="2019-01-23T11:20:56.957Z"
Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.okta.com/exkffil8u7n6aI3aF0h7</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#id119722988383056781797678074">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>+BepWNepyvp8IKLPQpqUwuJo/CBQDjHqg+JG/+gPv0Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
YkqmLSBtG3jAogNR1hQmDXfHmNaVVVi5L8flV0qfTqqWScZZqf5b/m5Pvae0VQ0sqoDpme33z35gZgS/Y8K0NhMCDN+HT1F0Qyd5S4v3/pLO9HaT4sWDxjOIQxbCkTwJzdgAxMyusGGhA+hOnJNX3RtztFfGjxHWW33uKonGw5Wd/YnCn+bXQYBG1kXXH69hLFYDctJnab5L8+f9AX5SREpXhLo+YtBY34WUFihSQQylI48OAZ94Lh4GlmzxbnH1rq9FXmyzPNOdhJ58j2SDkoAzndhlKolQqYKX+QJLlkPgIcG4gbvKuN+9CbUh1PalecO2dhpxM6zFSzlLhQn9lA==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIDpDCCAoygAwIBAgIGAWPtO0ISMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi0zNjg1MDgxHDAaBgkqhkiG9w0BCQEW DWluZm9Ab2t0YS5jb20wHhcNMTgwNjExMDUwMzMzWhcNMjgwNjExMDUwNDMzWjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtMzY4NTA4MRwwGgYJ KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA gIMKZl+/4JmVU/VAS9t9RJbgQIlC2jGE2g6H/8MjELRphB6yyFgOUt4WpfMHdmQs0SOInhXNqTlo
LEGTYSkCJi8xojYi+5P3oChWCztyn3Zk93VNY23tZtjtaFL9Ix7JAUi0GLYYuxhZv9nghAMq2VWP 9R1mQISetAABfHaIp1xARr/jdJY3+De9qtMEJQAmCWkv8RXEJgdEBsbVU+jBOxP18l5nX17enasB jbfpOicppVLf15KquBrMZz4/j2Veu1bHFLEX4gA7DbYA0czRUSd6OQJzQWc++0bFXKZO1fGzTjoY pZRsIvm916shOlOT/sETcafOiBQYPrYfVnT/eQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBM8W87
XzPvg600jg3BSGZh9DgVzLLqYWuFNV1TAR6IcqfoKrRGaVbjKqFN8bZ3uExWHBmYR/+up1HibWH2 Mmb2LupBe9mE0oz8m6GJ61qDv4QEFmGyEuxN9fA/UH/yogyK+mjixiDSpyqjd6O0HkAHThy2oRtU U/LrXh6mDn+ONIuv7eH+c1H/TyixXMudlV4szq5krcKcKCe7gFjKPFtZ3iCo0soWrYgSqXqBYN3H VfXZ2YIfS9VYfjrQSxhzKJdzpMu+YobKOTtGNV58cdzqCYEHkNsUDutPnvk6R8rRwdR/HrUbMXSI
aCMEn51U+pLUD7UCLe4N4iOF+N3Z76O4
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed" /></saml2p:Status>
</saml2p:LogoutResponse>
Getting the status in the LogoutResponse from Okta as AuthFailed. Can I know the reasons for this status?

Hi Sairam,
The LogoutRequest needs to be signed in order to be validated by Okta, and from what you have posted, yours contains only the issuer and destination.
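
A pre-flight check an SP team could run on the URL their application actually redirects to, added here as an example and not taken from the thread or from Okta. With the HTTP-Redirect binding the question mentions, the signature travels as the SigAlg and Signature query parameters rather than as a ds:Signature element, so the check looks in both places. It reports presence only and does not verify the signature; the endpoint, issuer, ID and parameter values in the sample are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

def encode_redirect(xml_bytes, base, extra=None):
    """Build a Redirect-binding URL: raw DEFLATE, base64, URL-encode."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    query = {"SAMLRequest": base64.b64encode(c.compress(xml_bytes) + c.flush()).decode()}
    query.update(extra or {})
    return base + "?" + urlencode(query)

def inspect_redirect_logout(url):
    """Decode the SAMLRequest parameter and report where a signature is present."""
    params = parse_qs(urlsplit(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter")
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml)
    if root.tag != SAMLP + "LogoutRequest":
        raise ValueError("not a LogoutRequest")
    return {
        "id": root.get("ID"),
        "destination": root.get("Destination"),
        "embedded_signature": root.find(DS + "Signature") is not None,
        "query_signature": "Signature" in params and "SigAlg" in params,
    }

def is_signed(report):
    # Presence only; cryptographic verification is the receiver's job.
    return report["embedded_signature"] or report["query_signature"]

# Constructed sample: an unsigned request shaped like the one in the question.
SAMPLE_XML = (
    b'<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed1" Version="2.0" IssueInstant="2019-01-23T11:20:56Z" '
    b'Destination="https://idp.example.test/slo">'
    b'<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
    b'urn:example:sp</saml2:Issuer></saml2p:LogoutRequest>')
UNSIGNED_URL = encode_redirect(SAMPLE_XML, "https://idp.example.test/slo")
SIGNED_SHAPE_URL = encode_redirect(SAMPLE_XML, "https://idp.example.test/slo", {
    "SigAlg": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "Signature": "Y29uc3RydWN0ZWQ="})  # placeholder bytes, not a real signature
```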