ForgeRock Identity Platform
ForgeRock Identity Cloud

SP initiated logout fails in Identity Cloud or AM (All versions) with Identity Provider ID is null error

Last updated Jan 16, 2023

The purpose of this article is to provide assistance if a SP initiated logout fails in ForgeRock Identity Cloud or AM with an "Identity Provider ID is null" error. For example, your logout URL is similar to:

1 reader recommends this article


An error similar to the following is shown when the logout URL is called:

HTTP 400 type Status report message Identity Provider ID is null. description The request sent by the client was syntactically incorrect (Identity Provider ID is null.).

Recent Changes

Configured SAML 2.0 Federation to initiate SLO from the service provider side.


The identity provider cannot be identified due to incorrect or missing idpEntityID.


This issue can be resolved by including idpEntityID in the logout URL (which is a required parameter for Fedlets). This parameter identifies the remote identity provider and is the value you specified when you registered the remote identity provider, which is typically the FQDN. This value should be URL encoded.

An example URL for a SP initiated logout using HTTP-Redirect binding is:

The spSingleLogoutInit.jsp element of the URL is case-sensitive and the URL will fail if this is in the wrong case. For example, including spsinglelogoutinit.jsp in the URL will not work.

See Also

How do I configure IdP or SP initiated Single Logout in Identity Cloud or AM (All versions)?

FAQ: SAML2 federation in AM

SAML 2.0 federation in AM

Implement SSO and SLO

Related Training

ForgeRock Access Management Deep Dive (AM-410)

Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.