How to SLO with Multiple IdP configurations

We have two IdPs configured in our app.
IdP1, SP1
IdP2, SP2

This is the SP-initiated SLO we implemented on our app:

  1. from SP1 → _samlServiceProvider.InitiateSloAsync(<PartnerIdentityProvider: IdP1’s name>, string.Empty, Uri.UnescapeDataString(postLogoutRedirectUrl))
  2. IdP1’s SingleLogoutService →
{
    bool isRequest = false;
    bool hasCompleted = false;
    string logoutReason = null;
    string partnerSP = null;
    string relayState = null;

    SAMLController.ConfigurationName = <IdP1's Name>;
    SAMLIdentityProvider.ReceiveSLO(Request, Response, out isRequest, out hasCompleted, out logoutReason, out partnerSP, out relayState);

    if (isRequest)
    {
        SAMLIdentityProvider.SendSLO(Response, "");
        return <app logout process>;
    }
    else if (hasCompleted)
        return <app logout process>;
    return new EmptyResult();
}

When we log out from SP1 and both IdPs have single-signed on, on SAMLIdentityProvider.SendSLO(Response, ""), we’re getting the error:
The partner service provider <SP2’s name> is not configured.

What did we do wrong here? How do we do a proper SLO if both IdPs have single-signed on?

When you initiate SLO to an IdP, it will log the user out of the local authentication session at the IdP and the IdP will in turn initiate SLO to the SPs with authentication sessions within the same browser session. The IdP has no knowledge of other IdPs.

If an SP has completed SSO with two IdPs, it would have to initiate SLO to both of these if the user is to be logged out from both IdPs and all associated SPs.

I couldn’t see any obvious issues in your code etc.

If there’s still an issue, please enable SAML trace at both the IdP and SP and send the generated log files as email attachments to support@componentspace.com mentioning your forum post.

For SAML for ASP.NET:

Enabling SAML for ASP.NET Trace

For SAML for ASP.NET Core:

Enabling SAML for ASP.NET Core Trace
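
The reply above says an SP that has completed SSO with two IdPs must initiate SLO to each of them; the following is an added example of chaining those logouts on the SP side, not code from the original posts or from ComponentSpace. Assumptions: ASP.NET Core session middleware is enabled, the app records each IdP's partner name in the hypothetical `SloPendingIdps` session value when SSO completes, both IdPs are partners in the SP's active SAML configuration, and the controller and key names are illustrative.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using ComponentSpace.Saml2;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

public class SamlLogoutController : Controller
{
    // Hypothetical session keys. PendingKey is assumed to hold a comma-separated list of
    // the IdP partner names this browser session has completed SSO with.
    private const string PendingKey = "SloPendingIdps";
    private const string ReturnKey = "SloReturnUrl";
    private readonly ISamlServiceProvider _samlServiceProvider;
    public SamlLogoutController(ISamlServiceProvider sp) => _samlServiceProvider = sp;

    public async Task<IActionResult> Logout(string returnUrl)
    {
        // Keep only a local return URL so logout cannot be used as an open redirect.
        HttpContext.Session.SetString(ReturnKey, Url.IsLocalUrl(returnUrl) ? returnUrl : "/");
        return await LogoutFromNextIdpAsync();
    }

    public async Task<IActionResult> SingleLogoutService()
    {
        var sloResult = await _samlServiceProvider.ReceiveSloAsync();
        if (sloResult.IsResponse)
            return await LogoutFromNextIdpAsync(); // one IdP has answered, continue with the next
        // IdP-initiated request: log out locally, then answer the IdP.
        await HttpContext.SignOutAsync();
        await _samlServiceProvider.SendSloAsync();
        return new EmptyResult();
    }

    private async Task<IActionResult> LogoutFromNextIdpAsync()
    {
        var pending = (HttpContext.Session.GetString(PendingKey) ?? "").Split(',', StringSplitOptions.RemoveEmptyEntries).ToList();
        if (pending.Count == 0)
        {
            // No IdP sessions left: end the local session and return to the app.
            var returnUrl = HttpContext.Session.GetString(ReturnKey) ?? "/";
            await HttpContext.SignOutAsync();
            HttpContext.Session.Clear();
            return LocalRedirect(returnUrl);
        }
        HttpContext.Session.SetString(PendingKey, string.Join(",", pending.Skip(1)));
        await _samlServiceProvider.InitiateSloAsync(pending[0], string.Empty, null);
        return new EmptyResult(); // the SAML library has written the redirect or form post
    }
}
```

Each `InitiateSloAsync` call hands the browser to one IdP, so the next IdP is contacted only after the previous logout response arrives at `SingleLogoutService`.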