Two single institution clients, RMIT and Seneca, encountered an invalid_logout_response error message every time when testing logout during SSO configuration (RMIT in November 2023, Seneca in January 2024).
Logging out and all other aspects of SSO functionally worked for both clients, but this confusing error message appeared every time someone logged out after having logged in with SSO.
Summary
Two single institution clients, RMIT and Seneca, encountered an
invalid_logout_responseerror message every time when testing logout during SSO configuration (RMIT in November 2023, Seneca in January 2024).Logging out and all other aspects of SSO functionally worked for both clients, but this confusing error message appeared every time someone logged out after having logged in with SSO.
Both clients were able to use the same workaround to remove this error message, which was to change the SP Logout URL in their IdP from the SingleLogoutService value in our SP metadata to a generic https://rmit.pressbooks.pub/wp/wp-login.php?action=logout or https://pressbooks.senecapolytechnic.ca/wp/wp-login.php?action=logout. However, this workaround has the side effect of an additional, unwanted prompt upon logout:
More detailed notes from RMIT
See RMIT's explanation of the cause of the error message, the workaround, and the side effect of the workaround here (https://pressbooks.zendesk.com/agent/tickets/18449):