SSO Troubleshooting: We are not recognizing the SAMLRequest or SAMLResponse
Learn how to resolve an invalid single logout message error
What This Error Means
During single logout (SLO), Foundry displays the following message:
We’re sorry.
We are not recognizing the SAMLRequest or SAMLResponse.
Please contact your IT department for assistance.
This error appears when Foundry receives a logout request at its single logout URL, but the message is not recognized as a valid SAML logout message.
Why This Happens
During SLO, Foundry expects the identity provider to send a SAML message that includes one of the following query string parameters:
- SAMLRequest (for a logout request), or
- SAMLResponse (for a logout response)
This error occurs when:
- The identity provider sends a request to Foundry’s logout URL without either parameter, or
- The logout message is not formatted as a valid SAML request or response
Without one of these parameters, Foundry cannot process the logout message.
How to Resolve the Issue
- Review the single logout configuration in your identity provider
- Confirm the identity provider is sending a valid SLO message to Foundry that includes:
- A SAMLRequest parameter for logout requests, or
- A SAMLResponse parameter for logout responses
- Verify the logout endpoint configured in the identity provider matches Foundry’s expected SLO URL
After correcting the configuration, test logging out again using SSO.