'Invalid Session Participant' on SLO request despite the sessionIndex having the same value as in the authentication response

[bazfer]

Hello, I'm struggling to debug this issue. In short:

• In the SSO response from the IDP a sessionIndex is included in the XML

<saml:AuthnStatement AuthnInstant="2022-08-02T16:41:33.293Z" SessionIndex="475112335">

• In the SLO request the sessionIndex provided and logged is the same as in the auth response mentioned above

Processing SAML SLO request for participant => 
 {
  serviceProviderId: **redacted**,
  sessionIndex: '475112335',
  nameId: 'saml.jackson@example.com',
  nameIdFormat: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
  serviceProviderLogoutURL: 'http://localhost:3000/users/saml/idp_sign_out'
}

• SLO fails due to this issue

Any pointers as to what could be wrong would be greatly appreciated.

[leafac]

I ran into this issue as well. In my case, it was because I was restarting the saml-idp server between sign in and sign out, and it doesn’t persist sessions.