Suomi.fi e-Identification –
Logout request (LogoutRequest)

Print Friendly, PDF & Email
 


An e-service can send a logout request to Suomi.fi e-Identification or vice versa. The structure of the logout request is similar in both situations. Logout requests can be made using HTTP-Redirect (GET) and HTTP-POST SAML2 profiles.

A logout request sent by an e-service (in element saml2:Issuer) to Suomi.fi identification (in attribute Destination) with a HTTP-POST binding.

In these examples, the SAML messages are in their original format, from which they are converted to a format transmitted between the devices.

HTTP-POST (SP-initiated)

<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
 Destination="https://testi.apro.tunnistus.fi/idp/profile/SAML2/POST/SLO"
 ID="_3dafe578-c764-481e-b89f-e0ee85c2b306"
 IssueInstant="2017-07-18T10:58:19.252Z"
 Version="2.0"
 >
 <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://kalastus.mallikunta.fi</saml2:Issuer>
 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
 <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
 <ds:Reference URI="#_5ff90866-d79c-40af-b97c-5693c3ccf99f">
 <ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
 </ds:Transforms>
 <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
 <ds:DigestValue>FFrrQKu1YpCx1CLIjuO4bEOQpCgnWkitlJ0sP2DYmtc=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
 <ds:SignatureValue>GGff4qNXQHvtyyDJkiM5gxVR6uEuraBUJGOYeW5NkyjFrcR8GqHO5PGIusyeahzXM86saO/kpGamnrvIJbvMXx5r56Pll1SIR3Necci6zdvyu7f4a+u2VcxkmNYeP3uCOK+3nry/1eERugF0W2w947L3k0Zfj0r1JCU+gvIjojWdzmLTdpdJueV8AmwGC/Q0Jxh8Yfeq2wY1nFUFTwEuBKsalDZryz2QtU8yDWLeoh/oggrQFiKLWhybweYm9j5fnsSQt3a6jHqpbvYUWFXl1DM5A63d8gy6yxNjtNF5eedzvO/XuTdi/mti6HKZRkDKi+TbnFu9DsMUqdHjrWIFew==</ds:SignatureValue>
 <ds:KeyInfo>
 <ds:X509Data>
 <ds:X509Certificate>MIIC9jCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBlzELMAkGA1UEBhMCZmkx
EDAOBgNVBAgMB1V1c2ltYWExEzARBgNVBAoMCk1hbGxpa3VudGExHzAdBgNVBAMM
FmthbGFzdHVzLm1hbGxpa3VudGEuZmkxETAPBgNVBAsMCEthbGFzdHVzMS0wKwYJ
KoZIhvcNAQkBFh52YWx2b2phQGthbGFzdHVzLm1hbGxpa3VudGEuZmkwHhcNMTcw
NzEyMTAzNzUzWhcNMjAwNDA3MTAzNzUzWjCBlzELMAkGA1UEBhMCZmkxEDAOBgNV
BAgMB1V1c2ltYWExEzARBgNVBAoMCk1hbGxpa3VudGExHzAdBgNVBAMMFmthbGFz
dHVzLm1hbGxpa3VudGEuZmkxETAPBgNVBAsMCEthbGFzdHVzMS0wKwYJKoZIhvcN
AQkBFh52YWx2b2phQGthbGFzdHVzLm1hbGxpa3VudGEuZmkwgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAJyw8fKRhBV+9FrehLCOZ/3gUxMymL39vNvRArIxRVTH
nVH6O8aqgF6kZWtZZ3CyY8311AiVMLW6CGfN1hHfx0X4Ht89hl6I/xjxy4epEIy+
8Hgc5dUGW4H1y4Cluv+/0+HPK0Q5cBZbK0UJEITQsztJXVzncxXkgW7WL9ls+ZYV
AgMBAAGjUDBOMB0GA1UdDgQWBBS2BqWELR0KeNzzWruj1EtxWllPLzAfBgNVHSME
GDAWgBS2BqWELR0KeNzzWruj1EtxWllPLzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
DQEBDQUAA4GBAEcS+hWu2Op0TOdJm4ZhtvJLqgGQ9bj1ICUzsozWIzaQLx83j5Kc
/A/0P57d2h/23fkMnbqbkFCFKt47GEBoo78sUEelj46k/lhuV5BDUEcAeCP7D+UR
GcpDlDzH9RiVL+c42YGElENu6mt2defOYLh16RvnJxR1lzhnSKmJV/Xz
</ds:X509Certificate>
 </ds:X509Data>
 </ds:KeyInfo>
 </ds:Signature>
 <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
 Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
 NameQualifier="testi.apro.tunnistus.fi/idp1"
 SPNameQualifier="https://kalastus.mallikunta.fi"
 >AAdzZWNyZXQxBNEFIM/JFqQo394qYsgFikQ37Fc3y0DFvBDwIB99jIez+fi55snWKtP9u7uZrDJUhcILVz5sypPPjDJ2SyfCDtN18A36KJ8uFW6zddPVgbiU7XaNoF6cuLkHKx6TKd/nChd2LIti9ORQGcH/0GK6YEcJpuDdEpCp6bfZsH+hSA==</saml2:NameID>
 <saml2p:SessionIndex>_d249056df0ee42f5ad68b8a67710c807</saml2p:SessionIndex>
</saml2p:LogoutRequest>

HTTP-Redirect (SP-initiated)

XML message, that is sent as a SAMLRequest query parameter value BASE64 coded.

<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 Destination="https://testi.apro.tunnistus.fi/idp/profile/SAML2/Redirect/SLO"
 ID="_7891c8499e749afa27c3b375091d69e9"
 IssueInstant="2017-07-20T07:36:20Z"
 Version="2.0"
 >
 <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://kalastus.mallikunta.fi</saml:Issuer> <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://testi.apro.tunnistus.fi/idp1" SPNameQualifier="https://kalastus.mallikunta.fi" >AAdzZWNyZXQxuCv8NAYSuCyZcoBq5b9XNIRKipe09Kkscf6irTP/LWxperqMASdFTs9cn3BrRqJS/wSoK5czfvX3Xza7SC6240NmYQ8jJqKl+IThwMcFhpYt/2yDLfKGEL4mWrD72b+7IOcv8oFaZAR7gUZX2i/qLdBka54FONQ82fxpla3COg==</saml2:NameID> <samlp:SessionIndex>_dd899f81ed9539baff725db3c5529a74</samlp:SessionIndex> </samlp:LogoutRequest>
RelayState: ss:mem:7225343aa85efec6d77b1e64f5297f92c0f46fc09954cefc817a48ae5204ed30
SigAlg: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Signature: HÖPÖHÖÖaTFD870iqCvZjgpGy/R1KA7r4y7Amo4GwBz5PmOeFJ/Ra8Dv7+roZoMak3PYLhBjSk17o4RIEcbioRJUNhaSqsiw/YjHA1gYz2i/JQKAfSzo7L7VKh7uOuM7niBaaKcsOKDhsJoYUUmOPZj2MbGEqnaqX6YUilf/5aN8tXFqU6f7sA35emMoGHWGNzI5ZNFjuTee/nVlmmO57Sn8yoJ6cCBm1Yf+i9Mtmwro6Fsfa0zRB0Otz+WHMOeki+4pdHefPRF5msQ2s6yUT34Wpb+eodWR2Q/sqrAjp6tdWjW2thyPdHmFen8OZss8axfhSiaybj62De0QKXNOn4A==

HTTP-POST (IdP-initiated)

<saml2p:LogoutRequest Destination="https://kalastus.mallikunta.fi"
 ID="_ff51c16b275409496494f095a396fd43"
 IssueInstant="2017-07-18T10:58:19.252Z"
 Version="2.0"
 xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
 >
 <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://testi.apro.tunnistus.fi/idp1</saml2:Issuer>
 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
 <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
 <ds:Reference URI="#_ff51c16b275409496494f095a396fd43">
 <ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
 </ds:Transforms>
 <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
 <ds:DigestValue>axOeSp9CAkMrAnmxhRCMqM3vFq8xF7ZOndxpJXElTTE=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
 <ds:SignatureValue>
Moxzyok2fWykMyPVtPrazMwPCSL/AfGS+ygXj+gm4BYHMqvhMNGkJRSq9sfE9Ez4NAW4HI0hbiAO
vqfYe3H519yqMdwIB6G/PsEh1l5ngD82CB47/DoRJdUSYi8rhdDveP/47hrSpnTMwNJY3xJAfi0C
YYB925UcZRogStcmfe45W1T6PjZeFsQo0Y+lmcHf+h4Rltw99DM+Te5FfD+y/TvjU5OebMsTFeDn
J17+IflLfk/2J1gf6PysjBQAlb0idXp+jmbFNgt2NoBGn4JImLITSvPlsRUU1zE6km5Y8sUVyQBN
TsFifK1HiL7qVZNfKEWEq5Disy4tU4sZib1Bnw==
</ds:SignatureValue>
 <ds:KeyInfo>
 <ds:X509Data>
 <ds:X509Certificate>MIIGpDCCBIygAwIBAgIEBgU/RjANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJGSTEjMCEGA1UE
ChMaVmFlc3RvcmVraXN0ZXJpa2Vza3VzIFRFU1QxGDAWBgNVBAsTD1Rlc3RpdmFybWVudGVldDEm
MCQGA1UEAxMdVlJLIENBIGZvciBUZXN0IFB1cnBvc2VzIC0gRzMwHhcNMTcwMTMwMTIwMDAwWhcN
MTkwMTMwMTE1OTU5WjCBjjELMAkGA1UEBhMCRkkxEDAOBgNVBAgTB0ZpbmxhbmQxETAPBgNVBAcT
CEhlbHNpbmtpMR4wHAYDVQQKExVWYWVzdG9yZWtpc3RlcmlrZXNrdXMxGDAWBgNVBAsTD1Rlc3Rp
dmFybWVudGVldDEgMB4GA1UEAxMXdGVzdGkuYXByby50dW5uaXN0dXMuZmkwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCco3NG6eCQQcU1rXdolmmpvg/+QPD6zc8h4fpDuCYRxoU6oxIp
UT133McFJBhN+ErzonuWkWCqzSv2tP+fcpZgVJVSNIsDA8VD6doIEHUMGtRP+nylKMa461OAJWnI
JmcEotkY1RGG5d95AbUmsrhqCYCF9m+SGX6j2ICc60560wRKd2+McnusxyYaWzAnLcwRkyQRia8J
12+SESCluWbdz4S072m8N8lW2ooqy8AErSVv1VIVUbTHqXRUIBavSZBiDSOnu/KOUSVyPCpQYU8n
nVciiowbr8A+/1MMGUFB0ESH3fMNYtKaa4PUZfZKjnWsRWEtnVUj9aVzM/YNt5QXAgMBAAGjggIh
MIICHTAfBgNVHSMEGDAWgBRbzoacx1ND5gK5+3FsjG2jIOWx+DAdBgNVHQ4EFgQUq5ThkIXBvjOt
nrn3kTQUKvZv8zMwDgYDVR0PAQH/BAQDAgSwMIHXBgNVHSAEgc8wgcwwCAYGBACPegEHMIG/Bgkq
gXaEBWMKIgEwgbEwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZmluZWlkLmZpL2Nwczk5LzCBhQYI
KwYBBQUHAgIweRp3VmFybWVubmVwb2xpdGlpa2thIG9uIHNhYXRhdmlsbGEgLSBDZXJ0aWZpa2F0
IHBvbGljeSBmaW5ucyAtIENlcnRpZmljYXRlIHBvbGljeSBpcyBhdmFpbGFibGUgaHR0cDovL3d3
dy5maW5laWQuZmkvY3BzOTkwIgYDVR0RBBswGYIXdGVzdGkuYXByby50dW5uaXN0dXMuZmkwDwYD
VR0TAQH/BAUwAwEBADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vcHJveHkuZmluZWlkLmZpL2Ny
bC92cmt0cDNjLmNybDATBgNVHSUEDDAKBggrBgEFBQcDAjBuBggrBgEFBQcBAQRiMGAwMAYIKwYB
BQUHMAKGJGh0dHA6Ly9wcm94eS5maW5laWQuZmkvY2EvdnJrdHAzLmNydDAsBggrBgEFBQcwAYYg
aHR0cDovL29jc3B0ZXN0LmZpbmVpZC5maS92cmt0cDMwDQYJKoZIhvcNAQELBQADggIBAK/bGsgH
rE74eoJJ82R3D40i1zLUSV7/2VxS8aelbFR2xmHhFnHPptf5bIVhrHq7kgoxqvPKtNDxL9XseRkg
T6kULm9kqXvjU/mh4BSdWxOxJKswHmlFOspoBXp7/Se1q26UhQxh2XBAUt1Sq2eSImH8bRywbrLf
DHzDZ4TLwcxo2DT4zW4UhX8lKfrlFusqb13lWmkQw8+774eBHSrCSAZlK9qrGsb1SIbGc5n6n36t
TpVawlUGVTtZ62Ae86elex2MbQ+76Q7giNaW3hqb71iD1vRExNjER07RTYf8LdoWe+/gKE0Ivebf
36xGkKnc3h8W2g8ej0oyYgbel0fcALG8POAUDU/rJ0ql4BpZDn0xjuruFNLlwrbiwzBTs3TcXGH+
E+cNp4ByeuP9Bu8/DmUSvFl9egyNv/31/vwR5riJMysmXNZn63eH/JXmNYUpdSfRHZ67HrolanDk
KTOM/MjSnNNyrP1Yi0mw+nygirCOG2/Ru9KbbIN8g2YSoZisfgCo8Gzk26t+77AiCfCNQQ5A2OHe
BFVEgxq7a/LzRqjLmaqIIjVyeYEM+rTGR0/x9bPzaRx67be7BgBoYm1Q5uHfU1wbbAb0dIJA10W3
H3Ie7/OoWW3FXwbFn1IQAsJcPB12sw6nBKWCMxszhjzbiOKwmN6El+d9e0KeWt1FL+uS</ds:X509Certificate>
 </ds:X509Data>
 </ds:KeyInfo>
 </ds:Signature>
 <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
 NameQualifier="https://testi.apro.tunnistus.fi/idp1"
 SPNameQualifier="https://testipalvelu.apro.tunnistus.fi"
 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
 >AAdzZWNyZXQxPh7qs6MRVtG9lu2id3WaaApTMpRYiUpT6PK9/SoQeQ7aDjUlSfrjJ2dC/V+pf0r5/UL12x/IjI0FjtETzo83PwUiNb/iZm5p/19h4XfWQO0aentUS/iP2RnL1+PCkIUtg2Kzrqkgxvdxeo/sJtEZ4b5zfZgL2mhXOLnxcuuYQg==</saml2:NameID>
 <saml2p:SessionIndex>_d249056df0ee42f5ad68b8a67710c807</saml2p:SessionIndex>
</saml2p:LogoutRequest>

 Document history

Version Changes Date/Author
 1.0 Document published on eSuomi 23.02.17 / NP
 1.1  Document updates  27.11.17 / NP

Document identifier: JTO21