rctv4 (rctv4) asked a question.
Okta logout is not working and giving me 403 error
I have configure SLO in saml setting
<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor entityID="http://www.okta.com/exka3db5gACdilkce696" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig*"><ds:X509Data><ds:X509Certificate>MIIDrDCCApSgAwIBAgIGAX2ls6ApMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFzAVBgNVBAMMDnNhdmFuYWluY2xvd2VyMRwwGgYJKoZIhvcN
AQkBFg1pbmZvQG9rdGEuY29tMB4XDTIxMTIxMDE4NTQ1MloXDTMxMTIxMDE4NTU1MlowgZYxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0w
CwYDVQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEXMBUGA1UEAwwOc2F2YW5haW5jbG93
ZXIxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCkC8wQOJPY0AFxsbBzoGk4gJF9CYD9OpHaCeBe7B9MLqSD/FZAfAliBBNf0bZK+leT
7OmuXUnJC7dWBIyt+qRJ2A+zTDLRJA657UvUoSd5WoCvl4SHpo7NQHJlr6rHGD44/vcJKi3fef1z
RSbjQ1z/KwZMwIOzZto48r/k+2oAGv6MPsm3RhgzalULkKUukqIlbDB8QfGxUx/7lZsQ6hNyyHc0
cHMps2cAjXsIsZvsSkAcQVZpZdB1WTP6N3cvUNDtWNnocE5ip1ImE1wVSzp4ehWrkhecVoTUnRil
7ylegPRDPPj8qRx2R9VuiK6FNPhBM8dj+/lbTWFvRfMpoqUrAgMBAAEwDQYJKoZIhvcNAQELBQAD
ggEBAD6EfUsSeWojNApSbYSKw5No3FISItLfXsln9NhXV/SXV7/qD9siIpI1YUf8Hdrl1MuHBHZY
7mq2qUxJelYchzd1MJz7KgEzusnQiozLJN2xr+DilLGp1poDPmPiRmRqx95eax0R8/H7tz85moIf
Y8N3NIhwNEFhWAS69ZuBzrp6FUjOeTLYvkf7bcW9JpVZr2ukgCN7imXF7gOJG9Ofm/pMqoOtcu++
cuFrz41+5EriHhLSfT2FgbUF1WVeBi/vnHoNgeBVNs1DpP2sX+hGnamw2Yb0zSs2oLqP9n+XFB2M
5R0dxzlJIiN4MQcs6YSINnCqEDCApMlOfU/DKKNZlpY=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://savanainclower.okta.com/app/savanainclower_savana_1/exka3db5gACdilkce696/slo/saml"/><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://savanainclower.okta.com/app/savanainclower_savana_1/exka3db5gACdilkce696/slo/saml"/><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://savanainclower.okta.com/app/savanainclower_savana_1/exka3db5gACdilkce696/sso/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://savanainclower.okta.com/app/savanainclower_savana_1/exka3db5gACdilkce696/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>
Hello @rctv4 (rctv4)
Thanks for posting.
You need to make sure you enable the "Enable Single Logout" feature in Custom AIW SAML wizard and correctly input the following (assuming the SLO function is support by the SP):
SP SLO URL
SP Issuer
Public Key Certificate
Okta supports SP initiated SLO for more details follow the below article:
Configure Single Logout in app integrations
https://help.okta.com/en/prod/Content/Topics/Apps/Apps_Single_Logout.htm
If you follow the above and still have issues, please create a support ticket so we can provide you with additional assistance.
Let us know if this helps you.
Daniela Chavarria.
Okta Inc.