New slo shape improves compatibility

Tested with: - Azure AD - keycloak
metabase · Apr 26, 2024 · b680a8e · b680a8e
1 parent 399a475
commit b680a8e
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/src/saml20_clj/sp/request.clj b/src/saml20_clj/sp/request.clj
@@ -102,15 +102,15 @@
   (assert (non-blank-string? idp-url) "idp-url is required")
   (assert (non-blank-string? issuer) "issuer is required")
   (assert (non-blank-string? user-email) "user-email is required")
-  [:samlp:LogoutRequest {:xmlns:samlp "urn:oasis:names:tc:SAML:2.0:protocol"
+  [:samlp:LogoutRequest {:xmlns "urn:oasis:names:tc:SAML:2.0:protocol"
+                         :xmlns:samlp "urn:oasis:names:tc:SAML:2.0:protocol"
                          :xmlns:saml "urn:oasis:names:tc:SAML:2.0:assertion"
                          :Version "2.0"
                          :ID (or request-id (str "id" (random-uuid)))
                          :IssueInstant instant
                          :Destination idp-url}
-   [:saml:Issuer issuer]
-   [:saml:NameID {:Format "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} user-email]
-   [:samlp:SessionIndex "SessionIndex_From_Authentication_Assertion"]])
+   [:Issuer issuer]
+   [:NameID {:Format "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"} user-email]])
 
 (defn logout-redirect-location
   "This returns a url that you'd want to redirect a client to. Either using