1 of 1 people found this helpful
I think this is maybe be related with some issue when the IdP tries to process SP's LogoutRequest. I would recommend you to use SAMLTracer to check if the IdP is responding to the SP with a LogoutResponse. Only after a LogoutResponse (or LogoutRequest if multiple SPs are involved) the SP will invalidate the user session.
After a thorough testing with the help of quickstarts, we debugged the logout flow in the code. There will be a SAML logout request to IDP by SP. In turn, the IDP returns a SAML logout response to SP. In my case, I was not receiving any response from IDP.
We had to identify the proper logout url, which sent us the SAML logout response. Picketlink at SP side processed the logout response and invalidated the session.
Pedro, thank you for the hint.
Finally, we had implemented SSO successfully into our application and is working without any issues.