SP-initiated SAML SLO Logout URL configuration
I am seeing an issue with my SAML configuration with SLO. I have an SP-initiated logout workflow for which I have configured "LogoutURL" as below
I have two questions:
Question 1 --> I understand from this document that Azure sends a LogoutRequest to all SPs in the session, after which it sends the LogoutResponse to the logout URL. Does Azure send a LogoutRequest to the SP initiating the logout? If not, I am not seeing the logout response.
My logout request looks as below.
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0" ID="_7c12b29b-f538-4956-a407-9db035f07733" IssueInstant="2022-12-31T04:56:34.507Z" NotOnOrAfter="2022-12-31T04:58:04.507Z" Version="2.0">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">matching-entityId</saml2:Issuer>
    <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test@keyman .com</saml2:NameID>
    <saml2p:SessionIndex>_dc156a51-cef2-4cf4-872b-600892254801</saml2p:SessionIndex>
</saml2p:LogoutRequest>
Question 2 --> This is more of a SAML configuration question: does Azure send both the LogoutRequest and the LogoutResponse to the configured LogoutURL, depending on the IdP-initiated or SP-initiated workflow?
Since I am seeing a LogoutRequest sent back from Azure after the initial LogoutRequest from the SP, I am processing that to send back a LogoutResponse. I never see a terminating LogoutResponse from Azure after that. Is there some configuration or flow I am missing?
Thanks in advance