Flussso SingleLogoutService non corretto!!

[lespaul121]

Salve,

sembra esserci un problema nel flusso di logout con due SP ed un solo metadata su https://demo.spid.gov.it/

abbiamo sue SP è un solo metadata dove sono definiti due SingleLogoutService il primo è SP A ed il secondo SéP B. Il problema si verifica al momento del logout.

Abbiamo SP A e SP B

L’entityid è https://spid.ordineingegneri.genova.it

SP B fa la richiesta di lgout, questo è quello che succede

SP B → IDP

<samlp:LogoutRequest xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”
xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”
ID="_d5d33e126819c99c46e98b3d9b732f22" IssueInstant=“2021-11-24T14:00:01Z” Version=“2.0” Destination=“SPID Validator 1”>
<saml:Issuer NameQualifier=“https://spid.ordineingegneri.genova.it” Format=“urn:oasis:names:tc:SAML:2.0:nameid-format:entity”>https://spid.ordineingegneri.genova.it</saml:Issuer>
<saml:NameID NameQualifier=“SPID Validator 1” Format=“urn:oasis:names:tc:SAML:2.0:nameid-format:transient”>SPID Validator 1</saml:NameID>
samlp:SessionIndex_d80abd01-6472-4fe5-a4c6-40bf2d5fa05f</samlp:SessionIndex>
</samlp:LogoutRequest>

IDP → SP A

<samlp:LogoutRequest xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”
xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”
ID="_d5d33e126819c99c46e98b3d9b732f22" IssueInstant=“2021-11-24T14:00:01Z” Version=“2.0” Destination=“SPID Validator 1”>
<saml:Issuer NameQualifier=“https://spid.ordineingegneri.genova.it” Format=“urn:oasis:names:tc:SAML:2.0:nameid-format:entity”>https://spid.ordineingegneri.genova.it</saml:Issuer>
<saml:NameID NameQualifier=“SPID Validator 1” Format=“urn:oasis:names:tc:SAML:2.0:nameid-format:transient”>SPID Validator 1</saml:NameID>
samlp:SessionIndex_d80abd01-6472-4fe5-a4c6-40bf2d5fa05f</samlp:SessionIndex>
</samlp:LogoutRequest>

SP A → IDP

<samlp:LogoutResponse
xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”
xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”
ID="_6ec700ea-bf8b-46ac-9e22-cb5a005282f9"
Version=“2.0”
IssueInstant=“2021-11-24T14:00:03Z”
Destination=“https://spid.ordineingegneri.genova.it/ordineingegnerigenova/module.php/saml/sp/saml2-logout.php/service 1”
InResponseTo="_d5d33e126819c99c46e98b3d9b732f22">
<saml:Issuer
Format=“urn:oasis:names:tc:SAML:2.0:nameid-format:entity”
NameQualifier=“SPID Validator 1”>
SPID Validator 1</saml:Issuer>

samlp:Status
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>

</samlp:LogoutResponse>

IDP → SP A

<samlp:LogoutResponse
xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”
xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”
ID="_6ec700ea-bf8b-46ac-9e22-cb5a005282f9"
Version=“2.0”
IssueInstant=“2021-11-24T14:00:03Z”
Destination=“https://spid.ordineingegneri.genova.it/ordineingegnerigenova/module.php/saml/sp/saml2-logout.php/service 1”
InResponseTo="_d5d33e126819c99c46e98b3d9b732f22">
<saml:Issuer
Format=“urn:oasis:names:tc:SAML:2.0:nameid-format:entity”
NameQualifier=“SPID Validator 1”>
SPID Validator 1</saml:Issuer>

samlp:Status
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>

</samlp:LogoutResponse>

Fine il logout avviene su SP A

Quale può essere il problema? Grazie a chi mi risponde