Cantor, Scott cantor.2 at
Tue May 2 10:42:17 EDT 2017

> I'm seeing a number of these errors popping up in my idp-process.log. After
> some Google searching, I saw some history related to missing attribute data
> in the database or LDAP backend.

The error strongly suggests an SP is issuing incorrectly formed LogoutRequest messages to that IdP that have an empty NameID element in them, which is invalid in SAML. (That's not evident from the message, it's just from searching the source code to identify where it appears.)

I will add a more defensive check for that to avoid having it manifest in a way that's not helpful.

> Also, could this be related to differing session configurations on the IDP and SP?

The IdP and SP have nothing to do with each other in regard to "configurations" of any sort.

-- Scott

More information about the users mailing list