SLO failure after 15 minutes - SessionNotFound

Matej Zagiba matej.zagiba at
Wed Sep 25 17:16:37 EDT 2019

Thank You Scott,

On 25. 9. 2019 16:59, Cantor, Scott wrote:
> On 9/25/19, 10:47 AM, "users on behalf of Matej Zagiba" <users-bounces at on behalf of matej.zagiba at> wrote:
>> Everything works nicely first 15 minutes, then logout ends with error - SessionNotFound
> Logout plus non-member on list == no real support from me, beyond a cursory glance. Logout is a bright line.
>> idp.session.StorageService = shibboleth.ClientPersistentStorageService
> That's wrong, it should be shibboleth.ClientSessionStorageService. Whether it's fatal or not, I doubt it.

Corrected, did not help (as expected).

> The IdP only tracks one session per SP per IdP session. The log
> suggests you have the same SP involved in two separate logins or
> logouts from the same user in the same session and either the second
> login overwrote the first but the logout request refers to the first,
> or the second logout came in after an earlier one that worked.

It's unlikely. It is test idp instance, only I use it. So I can see all traffic in and out.
All SAML messages were connected to previous email, there was just one AuthnRequest and response and one LogoutRequest with response.
sessionID was same in response to AuthnRequest and in LogoutRequest. There is nothing in the logs between those events except for
metadata reload. I'm totally baffled. Could it be something SP specific?


More information about the users mailing list