SLO not Working: Invalid NameID in SAMLRequest

book

Article ID: 208849

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Federation (SiteMinder)

Issue/Introduction

Siteminder IDP is receiving a signed SLO request (SAMLRequest) via POST binding, and the request is resulting in only a partial logout and an Invalid NameID error.

Cause

NameIDs are case sensitive, so the SP must preserve the case of NameID as received in the assertion when making an SLO request back to the IDP.

Environment

Release : 12.8

Component : SITEMINDER FEDERATION SECURITY SERVICES

Resolution

SP needs to be configured to always preserve the case of NameID when making SLO requests to the IDP.