In the plugin settings, if we change the setting "attempt IDP signout" to NO users do not get logged out. When we revisit our site in another tab, we are immediately signed-in which is not desirable. And if we change the "attempt IDP signout" setting to Yes, the user does appear to get logged out, and I can see in the IDP logs "action:logout outcome:success" so it appears to work, however there is an error:
SAML2 exception: BADREQUEST('%REASON%' => 'Invalid message received to AssertionConsumerService endpoint.')
Debug info: #0 [dirroot]/auth/saml2/sp/saml2-acs.php(34): require()
Stack trace:
- line 36 of /auth/saml2/sp/saml2-acs.php: saml2_exception thrown
Any idea what's going on with the error message?