Shibboleth IdP -ADFS : sign out problem

Cantor, Scott cantor.2 at
Mon Sep 24 10:48:23 EDT 2018

On 9/24/18, 9:35 AM, "users on behalf of Marc SAHIN" <users-bounces at on behalf of marc.sahin at> wrote:

> Apparently, Shibboleth does not seem to find "Principal" that sends to ADFS.
> Any help would be much appreciated. 

If you didn't read the standard, then I can clarify that "UnknownPrincipal" refers to an inability to find a session containing a record of an assertion issued to that SP with a matching NameID. There is nothing else to say, really, except perhaps that it is occasionally caused by the IdP being overly strict about the matching process, and comparing what got issued to what was received for logout is worth a look. Don't think that has been an issue much with ADFS though.

-- Scott

More information about the users mailing list