SLO not working in SP

Exception:

If using IAM as SAML SP: the SLO doesn't work.

Possible reasons:

  • incorrectly configured SLO URL in sp.xml:
    • must point to SP logout instead of IdP logout
    • must point to <context-path-sp>/SPSloResponder/metaAlias/sp, not <context-path-sp>/SPSloInit/metaAlias/sp (sp may vary in a specific installation)
  • caller of IAM SP calls wrong URL; correct would be /<context-path-sp>/SPSloInit/metaAlias/sp, not /<context-path-sp>/SPSloResponder/metaAlias/sp (sp may vary in a specific installation)
  • Airlock Gateway config is incorrect and blocks SPSloInit due to missing URL encryption exception or missing path in IamSamlAllow allow rule