Hi. I’m using the High-level API and as a SP, I’m trying to logout of the IdP using this code:

if (SAMLServiceProvider.CanSLO(providerId))
// Request logout at the identity provider.
SAMLServiceProvider.InitiateSLO(Response, null, null, providerId);

Basically as what the examples tell me to do. Thing is, logging in works perfectly, logging out returns a 500 ERR_CONTENT_DECODING_FAILED. The IdP -devs tell me a ‘SecurityPolicyException’ was thrown indicating that ‘Inbound message issuer was not authenticated.’.

Basic question: Is it me? If so, how to fix? Are there any things I could check as well?

I’m not sure exactly what that message means but it’s possible the IdP wants the logout message signed.
In your SAML configuration (eg saml.config file), set SignLogoutRequest and SignLogoutResponse to true for the partner identity provider configuration.
For example:


The logout messages are signed with your SP’s private key (eg LocalCertificateFile).
If there’s still an issue, please ask the IdP for more specific information.