Forums, Documentation & Knowledge Base - ComponentSpace

SLO Triggering Twice

By joel.white - 8/17/2021

We have an environment set up with a single IDP and two to three SPs. When logging in on one SP, navigating to another (who 'logs in'), returning to the first and attempting to initiate SLO, the SLO fires twice from the SP and the second SLO call fails, breaking the whole SLO.

I have the SAML trace and can email it.
By ComponentSpace - 2/4/2022

I don't think this is the same issue. The log from the OP showed InitiateSLO being called twice by the application.

The log you've sent only shows a single call to InitiateSLO.

Okta is returning a urn:oasis:names:tc:SAML:2.0:status:AuthnFailed status in the logout response.

Please take a look at the Okta system log. Hopefully it has more specific information explaining why it’s returning this error status.

In our testing with Okta, we saw no issues with SP-initiated SLO. The issue you’re seeing might be configuration related.