3080798 - There is no configured SLO endpoint for trusted Identity Provider - Identity Authentication Service

Symptom

After logout from an application using Identity Authentication as a proxy, the user is receiving "HTTP 400 - Identity Provider could not process the logout message received" UI error, instead of the session logout and redirect to the landing page.
Identity Authentication Troubleshooting log is showing the below error:Identity Provider could not process SAML2 logout message. Error during sending LogoutRequest to Service Provider Caused by: There is no configured SLO endpoint for trusted Identity Provider
The SAML trace might show <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed" /> in LogoutResponse. Since the logout from the corporate IdP is not with status Success, at Identity Authentication side is returned partial logout to the application: <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:PartialLogout" />

Environment

Identity Authentication

Product

Identity Authentication 1.0

Keywords

IAS, SLO, 400, error, partial, logout, corporate, idp, Identity Provider could not process the logout message received, SLO endpoint , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.