SSO Logout Not Successful From IDCS - Error in Trace file: User authenticated at IdP different from User specified in the Request message
(Doc ID 2796774.1)
Last updated on MARCH 30, 2023
Applies to:
Identity Cloud Service (IDCS) - Version N/A to N/A
Information in this document applies to any platform.
Symptoms
I have done SSO registration for our site. After this SAML registration was done successfully, we are able to log in successfully, but when we log out, we get a message like, "Logout was only partially successful. Please close the browser window. Click here to go back to the application.". When we checked with the OSvC team, they confirmed that the SAML response they are getting for logout from IDCS is indicating a status code of 'Requester', as noted below:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/> instead of status:Success.
User logout is not working properly: the logout appears to be only partial, and there is a concern that application users appear to the end user as logged in even though they actually are not.
SAML trace shows:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/>
<samlp:StatusMessage>
User authenticated at IdP different from User specified in the Request message
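To reproduce the check described in the symptoms from a captured trace, the following added example (not Oracle's code and not part of the original document) reads the status of a SAML LogoutResponse and compares the NameID sent in the LogoutRequest with the NameID received at login. The sample messages, the `jdoe` identities and the function names are constructed for illustration, and the NameID comparison is a diagnostic suggested by the status message, not the document's stated cause.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed samples (assumed values, not taken from a real trace file).
LOGOUT_RESPONSE = """<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_r1" Version="2.0" IssueInstant="2023-01-01T00:00:00Z" InResponseTo="_q1">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/>
    <samlp:StatusMessage>
      User authenticated at IdP different from User specified in the Request message
    </samlp:StatusMessage>
  </samlp:Status>
</samlp:LogoutResponse>"""
LOGIN_SUBJECT = """<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.com</saml:NameID>
</saml:Subject>"""
LOGOUT_REQUEST = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_q1" Version="2.0">
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
</samlp:LogoutRequest>"""

def logout_status(response_xml):
    """Return (top-level status code, status message, succeeded) of a LogoutResponse."""
    root = ET.fromstring(response_xml)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None:
        raise ValueError("LogoutResponse has no samlp:StatusCode")
    msg = root.findtext("samlp:Status/samlp:StatusMessage", default="", namespaces=NS)
    value = code.get("Value", "")
    return value, " ".join(msg.split()), value == SUCCESS

def name_id(message_xml):
    """Return (Format, value) of the first saml:NameID in a message, or None."""
    node = ET.fromstring(message_xml).find(".//saml:NameID", NS)
    return None if node is None else (node.get("Format"), (node.text or "").strip())

def diagnose(response_xml, login_xml, request_xml):
    """Summarise the logout outcome; anything but Success means the IdP session may persist."""
    code, message, ok = logout_status(response_xml)
    return {"idp_logout_ok": ok, "status": code.rsplit(":", 1)[-1],
            "message": message,
            "name_id_matches_login": name_id(login_xml) == name_id(request_xml)}

if __name__ == "__main__":
    print(diagnose(LOGOUT_RESPONSE, LOGIN_SUBJECT, LOGOUT_REQUEST))
```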
Cause