Hi David By default we store SAML SSO session state in the ASP.NET session. I suspect the ASP.NET session is being cleared or abandoned prior to calling SAMLServiceProvider.ReceiveSLO. Please ensure that your application doesn't clear or abandon the ASP.NET session until after calling SAMLServiceProvider.ReceiveSLO. If there's sensitive information stored in the session, you can remove these specific entries at the time of logout but don't clear the entire session until after SAML logout completes.
Regards ComponentSpace Development
|