I use Azure AD B2C as a SAML IDP. It's works well expect SingleLogout flow. When LogoutRequest from B2C comes to (my app) ITfoxtec it crashes because this request is not signed. I can't force Azure AD B2C to sign its' requests as well as I can't skip signing verification for ITfoxtec. Could you help to fix it ?
Best regards, Alexandr Zolotarev
The SAML 2.0 standard require both the LogoutRequest and the LogoutResponse to be signed. The ITfoxtec Identity SAML package follows the SAML 2.0 standard and it is therefore not possible to disable the signature check.
If you like you could down load the code and change it to not validate the signature.