Hi

We have ISVA 10 I have setup a SAML Federation using the Quick Connect template.

I have added a partner to SAP IAS. This works fine except they require a signed slo response.

I have retrieved the Partner json via rest service and added the slo details:

"singleLogoutService": [

{

"binding": "post",

"url": "https://ag6mqs9to.accounts.ondemand.com/saml2/idp/slo/ag6mqs9to.accounts.ondemand.com"

}

],

I savedthis applied etc and it seems to work but SAP IAS insists on a signed slo response. I tried to add this option in json:

"signatureSettings": {

"validationOptions": {

"validateLogoutResponse": false,

"validateNameIDManagementRequest": false,

"validateAuthnRequest": true,

"validateNameIDManagementResponse": false,

"validateLogoutRequest": false,

"validateArtifactResponse": false,

"validateArtifactRequest": false

},

"validationKeyIdentifier": {

"keystore": "auth-ppe.sanlam.co.za",

"label": "SAP-EnableNow"

},

"transformAlgorithmElements": {},

"signingOptions": {

"signAssertion": false,

"signAuthnResponse": false

},

This did not sign the slo response as I hoped it would. Is there something I need to add to sign the slo response?

thanks

To clarify I changed "validateLogoutResponse": false, to "validateLogoutResponse": true, it did not help.

The quick connect templates are designed to setup the partner with a preset fixed configuration. For this issue you used the Generic template, this has fixed values that can not be changed.

The solution to this is to not use a quick connect template. You will need to setup the federation and partner the normal method without using the quick connect template.

Thank you for your response I will add a new Federation, and agreement.

Hi - Thanks for your input I created a new SAML Federation without Quick Connect and now the SLO works with signing.

thanks again for the pointers.