SAP Knowledge Base Article - Preview

3438029 - Logout fails with error "HTTP Status 400 - Identity Provider could process the logout message received" when IAS acts as proxy to delegate the authentication to corporate identity provider

Symptom

  • IAS acts as proxy to delegate the authentication to corporate identity provider
  • During logout, the following error is returned by IAS:
    HTTP Status 400 - Identity Provider could process the logout message received
  • In IAS troubleshooting logs, the following errors can be found:
    "Identity Provider could not process SAML2 logout message. RedirectPayload is not signed. "
    "ASJ.saml20_sp.010003# Service Provider SLO endpoint received RedirectPayload from Identity Provider [xxxxxxxxxxxxxxxxxxxxxxxxx] that is not signed."
    or:
    "Identity Provider could not process SAML2 logout message. SLO message is not signed."
    "ASJ.saml20_sp.010006# Service Provider SLO endpoint received SLO message from Identity Provider [xxxxxxxxxxxxxxxxxxxxxxxxx] that is not signed." 


Read more...

Environment

Identity Authentication

Product

Identity Authentication 1.0

Keywords

SLO "single logout" signature , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.