I’m trying to use SAML with ADFS as identity provider, but I have an issue during log-out that is blocking it. When I click on log-out I’m redirected to the ADFS webpage, but I get stuck on error MSIS7054. As far as I understand, it seems to be an issue with the certification during the log-out procedure.
Could anyone help me?
Here are the details and logs…
Error from the log-out ADFS webpage:
Activity ID: 02d14948-b72a-4ae4-720d-0080010000d5
Error details: MSIS7054: The SAML logout did not complete properly.
Node name: 07f6ffc9-3f3b-4eed-96ab-2d56388c1d68
Error time: Wed, 09 Nov 2022 16:19:16 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0

The verification of the SAML message signature failed.
Message issuer: https://**********/rocket-chat/_saml/metadata/adfs-*****-com
Exception details: MSIS7084: SAML logout request and logout response messages must be signed when using SAML HTTP Redirect or HTTP POST binding. This request failed.
User Action
Verify that the message issuer configuration in the AD FS configuration database is up to date.
Configure the signing certificate for the specified issuer.
Verify that the issuer’s certificate is up to date.
Verify the issuer and server message signing requirements.
Rocket Chat logs:
I20221110-16:26:30.571(1) [2022-11-10T15:26:30.570Z] USERLVL (Meteor/31310 on ip-172-31-31-65): method: “samlLogout” userId: “iBDrzNcQ6B2W8DWgd” userAgent: “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/184.108.40.206 Safari/537.36” referer: “” remoteIP: “*******” instanceId: “S7hZq3dHP8DMjA6EJ”
I20221110-16:26:30.577(1) [2022-11-10T15:26:30.577Z] USERLVL (API/31310 on ip-172-31-31-65): status: 200 responseTime: 7 method: “POST” url: “/api/v1/method.call/samlLogout” userId: “iBDrzNcQ6B2W8DWgd” userAgent: “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/220.127.116.11 Safari/537.36” length: “111” host: “**" referer: “” remoteIP: "”
Server Setup Information
Version of Rocket.Chat Server: 4.1.0-17.7
Operating System: Debian 9
Deployment Method: tar
Number of Running Instances: 1
DB Replicaset Oplog:
NodeJS Version: 12.22.1
MongoDB Version: 5.0.2
Proxy: nginx
Firewalls involved: yes
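
A diagnostic for the MSIS7084 condition quoted above, added here as an example that is not part of the original post and is not Rocket.Chat or AD FS code: it inspects a logout URL copied from the browser's network tab and reports whether it carries the `SigAlg` and `Signature` query parameters that the SAML HTTP-Redirect binding uses for signing. It assumes the logout request is sent with the HTTP-Redirect binding; the function name, host and parameter values are constructed for illustration.

```javascript
function inspectRedirectLogout(url) {
  const query = new URL(url).search.replace(/^\?/, '');
  // Keep raw (still URL-encoded) values: the Redirect binding signs the
  // encoded octets exactly as sent, so decoding and re-encoding them can
  // change the signed input.
  const raw = new Map();
  for (const pair of query.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    if (!raw.has(name)) raw.set(name, value);
  }

  const msgParam = raw.has('SAMLRequest') ? 'SAMLRequest'
    : raw.has('SAMLResponse') ? 'SAMLResponse' : null;
  const problems = [];
  if (!msgParam) problems.push('no SAMLRequest or SAMLResponse parameter');
  if (!raw.get('SigAlg')) problems.push('SigAlg parameter missing');
  if (!raw.get('Signature')) problems.push('Signature parameter missing');

  // Octet string the signature covers: the message, the optional
  // RelayState, then SigAlg, in that order.
  let signedInput = null;
  if (msgParam && raw.get('SigAlg')) {
    const parts = [`${msgParam}=${raw.get(msgParam)}`];
    if (raw.has('RelayState')) parts.push(`RelayState=${raw.get('RelayState')}`);
    parts.push(`SigAlg=${raw.get('SigAlg')}`);
    signedInput = parts.join('&');
  }
  return {
    signed: problems.length === 0,
    sigAlg: raw.has('SigAlg') ? decodeURIComponent(raw.get('SigAlg')) : null,
    signedInput,
    problems,
  };
}

// Constructed sample URLs (placeholder host and payload values).
const unsignedUrl = 'https://adfs.example.test/adfs/ls/?SAMLRequest=fZFBa4Mw&RelayState=rc';
const signedUrl = unsignedUrl +
  '&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256' +
  '&Signature=Q09OU1RSVUNURUQ%3D';

console.log(inspectRedirectLogout(unsignedUrl).problems);
console.log(inspectRedirectLogout(signedUrl));
```

An empty `problems` list only shows that the signature parameters are present; whether AD FS accepts the signature still depends on the certificate configured for the relying party trust.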