Why does PicketLink not include NameID format in SAML 2 LogoutRequest when running in JBoss EAP 6/7?

Solution Unverified - Updated -

Issue

Why does PicketLink not include NameID format in SAML 2 LogoutRequest when running in JBoss EAP 6/7?

  • I have an application that uses PicketLink to set up a SAML2 SSO login with Microsoft Active Directory Federation Services (ADFS)
  • I can successfully log in
  • When attempting to log out, this is unsuccessful, because the SAML2 LogoutRequest generated by PicketLink does not include a "Format" attribute in the "NameID" element. This causes ADFS to view the request as invalid and causes the logout request to be rejected.

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.4.x
    • 7.1.x
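To confirm the symptom on a captured message, the following added example (not part of the original article and not PicketLink or Red Hat code) decodes a `SAMLRequest` parameter and reports whether the `NameID` in the LogoutRequest carries a `Format` attribute. The function names and the sample messages are constructed for illustration, and the parameter value is assumed to be already URL-decoded.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_request(value, binding):
    """Return the XML bytes of a URL-decoded SAMLRequest parameter."""
    raw = base64.b64decode(value)
    if binding == "redirect":
        # HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64.
        return zlib.decompress(raw, -15)
    if binding == "post":
        return raw  # HTTP-POST binding: base64 only
    raise ValueError("unknown binding: %r" % binding)

def check_logout_nameid(xml_bytes):
    """Report whether the LogoutRequest's NameID has a Format attribute."""
    # Intended for messages captured from your own SP; use a hardened
    # XML parser for input from an untrusted source.
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 LogoutRequest")
    name_id = root.find("saml:NameID", NS)
    if name_id is None:  # request may use EncryptedID or BaseID instead
        return {"has_name_id": False, "format": None, "ok": False}
    fmt = name_id.get("Format")
    return {"has_name_id": True, "format": fmt, "ok": bool(fmt)}

def redirect_encode(xml_bytes):
    """Encode XML the way the HTTP-Redirect binding does (test helper)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml_bytes) + c.flush()).decode()

def sample_request(name_id_attrs):
    """Constructed LogoutRequest; all identifiers are placeholders."""
    return ('<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" '
            'ID="_constructed1" Version="2.0" '
            'IssueInstant="2020-01-01T00:00:00Z">'
            '<saml:Issuer>https://sp.example.com/app</saml:Issuer>'
            '<saml:NameID%s>user@example.com</saml:NameID>'
            '</samlp:LogoutRequest>'
            % (NS["samlp"], NS["saml"], name_id_attrs)).encode()

EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
MISSING = redirect_encode(sample_request(""))
PRESENT = redirect_encode(sample_request(' Format="%s"' % EMAIL_FORMAT))

if __name__ == "__main__":
    for label, value in (("missing", MISSING), ("present", PRESENT)):
        print(label, check_logout_nameid(decode_saml_request(value, "redirect")))
```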
