Construct a signed SAML2 LogOut request

太阳男子 2020-12-14 03:56

My aim is to implement the Single Log Out Protocol. First I am understanding how the standard works and how I can fit it in my scenario: ADFS 2.0 as IdP, for

3 answers
  •  星月不相逢
    2020-12-14 04:41

    There's a bug in the ADFS implementation where the error message it gives is backwards. When it says:

    SAML request is not signed with expected signature algorithm. SAML request is signed with signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 . Expected signature algorithm is http://www.w3.org/2000/09/xmldsig#rsa-sha1

    it actually means that you're using SHA1 and it was expecting SHA256.
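
Since the error text cannot be trusted to say which side uses which algorithm, it helps to read the algorithm directly from the request you are sending. The following is an added example, not part of the answer above or of any ADFS tooling; the sample request, the `idp.example` host and the assumption that the IdP expects rsa-sha256 (the answer's scenario) are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA1 = DS_NS + "rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def algorithm_from_xml(xml_text):
    """Algorithm URI of the first ds:SignatureMethod, or None if unsigned."""
    # Meant for requests you generated yourself; use a hardened parser for untrusted XML.
    node = ET.fromstring(xml_text).find(f".//{{{DS_NS}}}SignatureMethod")
    return node.get("Algorithm") if node is not None else None

def algorithm_from_post_field(b64_request):
    """HTTP-POST binding: SAMLRequest is base64 XML with an embedded ds:Signature."""
    return algorithm_from_xml(base64.b64decode(b64_request).decode("utf-8"))

def algorithm_from_redirect_url(url):
    """HTTP-Redirect binding: the algorithm travels in the SigAlg query parameter."""
    return parse_qs(urlsplit(url).query).get("SigAlg", [None])[0]

def check(actual, idp_expects):
    """Compare what the request really uses with what the IdP is configured for."""
    if actual is None:
        return "request is unsigned"
    if actual == idp_expects:
        return "ok"
    return f"mismatch: request uses {actual}, IdP expects {idp_expects}"

# Constructed, trimmed sample data (not a complete or validly signed request).
SAMPLE_XML = f"""<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="{DS_NS}" ID="_constructed" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="{RSA_SHA1}"/>
  </ds:SignedInfo></ds:Signature>
</samlp:LogoutRequest>"""
SAMPLE_POST = base64.b64encode(SAMPLE_XML.encode("utf-8")).decode("ascii")
SAMPLE_URL = ("https://idp.example/adfs/ls/?SAMLRequest=constructed&SigAlg="
              + quote(RSA_SHA256, safe="") + "&Signature=constructed")

if __name__ == "__main__":
    # Assumption: the IdP expects rsa-sha256, as in the answer's scenario.
    print(check(algorithm_from_post_field(SAMPLE_POST), RSA_SHA256))
    print(check(algorithm_from_redirect_url(SAMPLE_URL), RSA_SHA256))
```
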
