Single Log Out - invalid_logout_response

0 users found this article helpful

Symptoms

In the browser console, the network request for the Single Log Out shows a GET request and returns HTTP code 500.

In the log files, a similar error can be seen:


2023-09-19 08:12:05.918592+00:00 somenode1 awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:1351]: Encountered errors during SAML authentication: ['invalid_logout_response']
2023-09-19 08:12:05.918929+00:00 somenode1 awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:1351]: 10.2.0.121 GET /api/slo/?SAMLResponse=<someresponse>&RelayState=https%3a%2f%2fsome.domain.org%2fapi%2fslo%2f&Signature=<somesig>&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256 => HTTP 500 (171 msecs)
2023-09-19 08:12:05.928031+00:00 somenode1 awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:1351]: Internal Server Error: /api/slo/

Cause

A misconfiguration leads to this behavior.

Resolution

Double-check if the Single Log Out URL is properly configured on the external Identity Provider.

For example, if you are using Microsoft Entra ID (formerly Microsoft Azure AD) and have configured an Enterprise Application: go to Manage > Single Sign-On: Basic SAML Configuration. Validate this setting: Logout Url (Optional). It should be similar to https://workspace.domain.org/api/slo/

Was this article helpful?

Tell us how we can improve it.