Exception:
If using IAM as SAML SP: the SLO doesn't work.
Possible reasons:
- incorrectly configured SLO URL in sp.xml:
- must point to SP logout instead of IdP logout
- must point to
<context-path-sp>/SPSloResponder/metaAlias/sp
, not<context-path-sp>/SPSloInit/metaAlias/sp
(sp
may vary in a specific installation) - caller of IAM SP calls wrong URL; correct would be
/<context-path-sp>/SPSloInit/metaAlias/sp
, not/<context-path-sp>/SPSloResponder/metaAlias/sp
(sp
may vary in a specific installation) - Airlock Gateway config is incorrect and blocks
SPSloInit
due to missing URL encryption exception or missing path in IamSamlAllow allow rule