Symptom
After logout from an application using Identity Authentication as a proxy, the user is receiving "HTTP 400 - Identity Provider could not process the logout message received" UI error, instead of the session logout and redirect to the landing page.
Meanwhile, the Identity Authentication Troubleshooting log is showing the below error:
Identity Provider could not process SAML2 logout message.Error during sending LogoutRequest to Service Provider Caused by: There is no configured SLO endpoint for trusted Identity Provider
The SAML trace might show <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed" /> in LogoutResponse. Since the logout from the corporate IdP is not with status Success, at Identity Authentication side is returned partial logout to the application: <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:PartialLogout" />
Read more...
Environment
Identity Authentication
Product
Keywords
IAS, SLO, 400, error, partial, logout, corporate, idp , KBA , BC-IAM-IDS , Identity Authentication Service , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.