SAP Knowledge Base Article - Preview

3080798 - There is no configured SLO endpoint for trusted Identity Provider

Symptom

After logout from an application using Identity Authentication as a proxy, the user is receiving "HTTP 400 - Identity Provider could not process the logout message received" UI error, instead of the session logout and redirect to the landing page.

Meanwhile, the Identity Authentication Troubleshooting log is showing the below error:

Identity Provider could not process SAML2 logout message.Error during sending LogoutRequest to Service Provider Caused by: There is no configured SLO endpoint for trusted Identity Provider

The SAML trace might show <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed" /> in LogoutResponse. Since the logout from the corporate IdP is not with status Success, at Identity Authentication side is returned partial logout to the application: <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:PartialLogout" />


Read more...

Environment

Identity Authentication

Product

Identity Authentication 1.0

Keywords

IAS, SLO, 400, error, partial, logout, corporate, idp , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.