"No SAML message query string parameter in HTTP Redirect" error but for some selected users only

SAML for ASP.NET
1

Hello,
We are having a strange problem with our customers. We are using licensed version of your dll and we have setup several ADFS servers (acting as Identity Providers) and SSO is working fine for all.
But during Logout for our site (acting as Service Provider) only some random few of the users are experiencing an error. Attaching the screenshot below.
Also, below is our saml.config (I have provided only relevant data below and removed the rest).

<?xml version="1.0"?>

<ServiceProvider Name=“<a href=“https://ucmdevicn.icontracts.com””>https://ucmdevicn.icontracts.com"
Description=“iContracts Staging”
AssertionConsumerServiceUrl=“~/web/SAML/AssertionConsumerService.aspx”
LocalCertificateFile=“Certificates\wildcard_icontracts_com.pfx”
LocalCertificatePassword=“XXXXXXXXXX” />




<PartnerIdentityProvider Name=“<a href=“http://adfs30.hhsc.org/adfs/services/trust””>http://adfs30.hhsc.org/adfs/services/trust"
Description=“ADFS HHSC”
SignAuthnRequest=“true”
SignLogoutRequest=“true”
WantAssertionEncrypted=“true”
WantLogoutResponseSigned=“true”
PartnerCertificateFile=“Certificates\adfs30_hhsc_org_base64.cer”
SingleSignOnServiceUrl=“<a href=“https://adfs30.hhsc.org/adfs/ls/””>https://adfs30.hhsc.org/adfs/ls/
SingleLogoutServiceUrl=”<a href=“https://adfs30.hhsc.org/adfs/ls/”“>https://adfs30.hhsc.org/adfs/ls/” />

<PartnerIdentityProvider Name=“<a href=“http://ws2016.adfs.local/adfs/services/trust””>http://ws2016.adfs.local/adfs/services/trust"
Description=“Local ADFS”
SignAuthnRequest=“true”
SignLogoutRequest=“true”
WantAssertionEncrypted=“true”
WantLogoutResponseSigned=“true”
PartnerCertificateFile=“Certificates\ws2016.adfs.local.cer”
SingleSignOnServiceUrl=“<a href=“https://ws2016.adfs.local/adfs/ls/””>https://ws2016.adfs.local/adfs/ls/
SingleLogoutServiceUrl=”<a href=“https://ws2016.adfs.local/adfs/ls/”“>https://ws2016.adfs.local/adfs/ls/” />





Please help us resolve the issue.



Thanks

2

The SAML logout message is transported as a SAMLRequest/SAMLResponse query string. If this is missing we throw the exception you’re seeing.
It’s possible a redirect to your logout page is occurring rather than receiving a SAML logout message.
I suggest using the browser developer tools to follow the network traffic flow.
If you see an HTTP Get with no SAMLRequest/SAMLResponse query string parameter sent to your SAML logout page you then need to follow the flow that lead to this.