
SSO Logout Not Successful From IDCS - Error in Trace file: User authenticated at IdP different from User specified in the Request message (Doc ID 2796774.1)

Last updated on AUGUST 09, 2021

Applies to:

Identity Cloud Service (IDCS) - Version N/A to N/A
Information in this document applies to any platform.

Symptoms

I have done SSO registration for our site. After this SAML registration was done successfully, we are able to log in successfully, but when we log out, we get a message like, "Logout was only partially successful. Please close the browser window. Click here to go back to the application.". When we checked with the OSvC team, they confirmed that the SAML response they are getting for logout from IDCS indicates a status code of 'Requester', as noted below:

<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/> instead of status:Success.

User logout is not working properly: the logout seems partial, and there are concerns that application users appear as logged in to the end user even though they are actually not:

SAML trace shows:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/>
<samlp:StatusMessage>
User authenticated at IdP different from User specified in the Request message
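
Added example (not part of the Oracle note): a Python helper that pairs a LogoutRequest with the LogoutResponse copied from a SAML trace and reports the status, the StatusMessage and the NameID the service provider asked to log out, so that value can be compared with the user signed in at the IdP. The sample messages, IDs and user are constructed placeholders, and the helper reads traces only; it does not verify signatures.

```python
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": P, "saml": A}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def _parse(xml_text, expected):
    # Trace content is untrusted input: refuse DTDs before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}%s" % (P, expected):
        raise ValueError("expected samlp:%s" % expected)
    return root


def triage_logout(request_xml, response_xml):
    """Pair a LogoutRequest with its LogoutResponse and summarise the outcome."""
    req = _parse(request_xml, "LogoutRequest")
    resp = _parse(response_xml, "LogoutResponse")
    name_id = req.find("saml:NameID", NS)  # None if the SP sent an EncryptedID
    top = resp.find("samlp:Status/samlp:StatusCode", NS)
    if top is None:
        raise ValueError("LogoutResponse carries no StatusCode")
    message = resp.findtext("samlp:Status/samlp:StatusMessage", "", NS)
    return {
        "requested_name_id": None if name_id is None else (name_id.text or "").strip(),
        "session_indexes": [e.text.strip() for e in req.findall("samlp:SessionIndex", NS) if e.text],
        "correlated": resp.get("InResponseTo") == req.get("ID"),
        "status": top.get("Value"),
        "message": " ".join(message.split()),  # collapse trace line breaks
        "success": top.get("Value") == SUCCESS,
    }


# Constructed sample messages: IDs and user are placeholders, not taken from the article.
SAMPLE_REQUEST = """<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_req1" Version="2.0">
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.test</saml:NameID>
  <samlp:SessionIndex>idx-1</samlp:SessionIndex>
</samlp:LogoutRequest>""" % (P, A)
SAMPLE_RESPONSE = """<samlp:LogoutResponse xmlns:samlp="%s" ID="_resp1" Version="2.0" InResponseTo="_req1">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/>
    <samlp:StatusMessage>User authenticated at IdP different from User specified in the Request message</samlp:StatusMessage>
  </samlp:Status>
</samlp:LogoutResponse>""" % P

if __name__ == "__main__":
    print(triage_logout(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```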

Cause
