Shibboleth 3.2.1 SAML logout fails: No active session(s) found matching LogoutRequest

Cantor, Scott cantor.2 at
Mon May 23 20:28:00 EDT 2016

> In Shibboleth 3.2.1, SP initiated SAML logouts are failing and the
> corresponding log entry seems to indicate that it can't find an existing session
> to complete the logout request:
I suggest you stop turning logging up to 11, you're just making the logs hard to follow by including material that is off by default and doesn't add anything to help you debug it. An application-layer issue has nothing to do with Spring.

> Is there something missing in the SP's logout request?

I would have to check the code, but what's missing is the NameQualifer atribute, and I don't recall under what conditions it will default it in when matching. That's a behavior in the SP that's making interop problems more likely, and under some conditions it would be a bug if it's omitting it no matter what.

-- Scott

More information about the users mailing list