PicketLink responds with 400 Bad Request to a samlp:LogoutRequest
jeanluc Dec 1, 2010 4:47 PM

Any idea about the possible causes? The scenario is an IDP-initiated logout request (sent to the SOAP binding URL). The IDP is OpenAM.
Does PicketLink require a differently-formatted request?
Thanks again,
JL

POST /myapp/SingleLogoutService.seam HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
Content-Length: 890
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Java/1.6.0_20
Host: my.app.server:8280
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  <soap-env:Body>
    <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        ID="s26af984e253bf5a65a66643246dd61877d8afeeef"
        Version="2.0"
        IssueInstant="2010-12-01T21:35:07Z"
        Destination="http://my.app.server:8280/myapp/SingleLogoutService.seam"
        NotOnOrAfter="2010-12-01T21:45:07Z">
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        http://my.sso.server:8080/openam
      </saml:Issuer>
      <saml:NameID
          xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
          NameQualifier="http://my.sso.server:8080/openam"
          Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">
        mbmo
      </saml:NameID>
      <samlp:SessionIndex xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        s25f360fbe4fba2820db784ab99397044879827701
      </samlp:SessionIndex>
    </samlp:LogoutRequest>
  </soap-env:Body>
</soap-env:Envelope>

HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Set-Cookie: JSESSIONID=62A6CD4A134994B0C7744927018738FE; Path=/myapp
Content-Type: text/html;charset=utf-8
Content-Length: 967
Date: Wed, 01 Dec 2010 21:35:32 GMT
Connection: close

The request sent by the client was syntactically incorrect ()

(For brevity, I removed the HTML decoration from the response body)