Exception:
If using IAM as SAML SP: the SLO doesn't work.
Possible reasons:
- ●incorrectly configured SLO URL in sp.xml:
- ●must point to SP logout instead of IdP logout
- ●must point to <context-path-sp>/SPSloResponder/metaAlias/sp, not <context-path-sp>/SPSloInit/metaAlias/sp (sp may vary in a specific installation)
- ●caller of IAM SP calls wrong URL; correct would be /<context-path-sp>/SPSloInit/metaAlias/sp, not /<context-path-sp>/SPSloResponder/metaAlias/sp (sp may vary in a specific installation)
- ●Airlock Gateway (WAF) config is incorrect and blocks SPSloInit due to missing URL encryption exception or missing path in IamSamlAllow allow rule