An error similar to the following is shown when the logout URL is called:

HTTP 400
type Status report
message Identity Provider ID is null.
description The request sent by the client was syntactically incorrect (Identity Provider ID is null.).

The error occurs after SAML 2.0 Federation has been configured to initiate single logout (SLO) from the service provider side.
The identity provider cannot be identified because idpEntityID is incorrect or missing.
This issue can be resolved by including idpEntityID, which is a required parameter for Fedlets, in the logout URL. This parameter identifies the remote identity provider and is the value you specified when you registered the remote identity provider, which is typically the FQDN. This value should be URL encoded.
An example URL for an SP-initiated logout using the HTTP-Redirect binding is:

https://sp.example.com:8443/openam/saml2/jsp/spSingleLogoutInit.jsp?metaAlias=/sp&idpEntityID=https%3A%2F%2Fidp.acme.com%3A8443%2Fopenam&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

The spSingleLogoutInit.jsp element of the URL is case-sensitive and the URL will fail if this is in the wrong case. For example, including spsinglelogoutinit.jsp in the URL will not work.
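
The following added example (not part of the original article or the product's code) builds the logout URL with idpEntityID percent-encoded and checks an existing URL for the two failure causes described above. The function names build_slo_url and check_slo_url are hypothetical; the hostnames are the ones used in the article's example URL.

```python
from urllib.parse import quote, urlsplit

SLO_JSP = "spSingleLogoutInit.jsp"  # case-sensitive, per the article
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def build_slo_url(base, meta_alias, idp_entity_id, binding=REDIRECT):
    """Build the SP-initiated logout URL with idpEntityID fully percent-encoded."""
    query = "&".join([
        "metaAlias=" + quote(meta_alias, safe="/"),
        "idpEntityID=" + quote(idp_entity_id, safe=""),  # encode ':' and '/' too
        "binding=" + quote(binding, safe=":"),
    ])
    return f"{base.rstrip('/')}/saml2/jsp/{SLO_JSP}?{query}"


def check_slo_url(url):
    """Return a list of problems that would make the logout request fail."""
    problems = []
    parts = urlsplit(url)
    page = parts.path.rsplit("/", 1)[-1]
    if page != SLO_JSP:
        if page.lower() == SLO_JSP.lower():
            problems.append(f"wrong case in '{page}', expected '{SLO_JSP}'")
        else:
            problems.append(f"path does not end in '{SLO_JSP}'")
    # Inspect the raw (still encoded) query so an unencoded value is visible.
    raw = dict(p.partition("=")[::2] for p in parts.query.split("&") if p)
    if not raw.get("idpEntityID"):
        problems.append("idpEntityID is missing or empty")
    elif any(c in raw["idpEntityID"] for c in ":/"):
        problems.append("idpEntityID is not URL encoded")
    return problems


if __name__ == "__main__":
    # Constructed sample input using the article's example hosts.
    url = build_slo_url("https://sp.example.com:8443/openam", "/sp",
                        "https://idp.acme.com:8443/openam")
    print(url)
    print(check_slo_url(url.replace(SLO_JSP, SLO_JSP.lower())))
```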