Getting the error FAILED_INVALID_RESPONSE_RETURNED when enabling SLO on a working Federation Partnership

Document ID:  TEC1293434
Last Modified Date:  06/16/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details


  • CA Single Sign-On


  • CA Single Sign-On:Release:12.52 SP1



We are trying to configure SLO for a Federation Partnership which works properly. When we configure the SLO as per documentation we are getting the following errors:

-- FWSTrace.log:
[06/15/2017][09:32:42][2016][4212][4b16d281-58910273-7ab61828-d829e82a-461ba673-ac][][processAssertionGeneration][Calling authorizeEx to invoke SAML2 assertion generator.]
[06/15/2017][09:32:42][2016][4212][4b16d281-58910273-7ab61828-d829e82a-461ba673-ac][][processAssertionGeneration][Request to policy server for generating saml2 assertion/artifact based on selected profile. [CHECKPOINT = SSOSAML2_GENERATEASSERTIONORARTIFACT_REQ]]
[06/15/2017][09:32:42][2016][4212][4b16d281-58910273-7ab61828-d829e82a-461ba673-ac][][processAssertionGeneration][Transient IP check: false]
[06/15/2017][09:32:45][2016][4212][4b16d281-58910273-7ab61828-d829e82a-461ba673-ac][][processAssertionGeneration][Result of authorizeEx call is: 1.]
[06/15/2017][09:32:45][2016][4212][4b16d281-58910273-7ab61828-d829e82a-461ba673-ac][][processAssertionGeneration][Received the assertion/artifact response based on profile selected. [CHECKPOINT = SSOSAML2_RECEIVEDASSERTION_RSP]]
[06/15/2017][09:32:45][2016][4212][4b16d281-58910273-7ab61828-d829e82a-461ba673-ac][][processAssertionGeneration][Not enforcing ForceAuthnTimeouts.]
[06/15/2017][09:32:45][2016][4212][4b16d281-58910273-7ab61828-d829e82a-461ba673-ac][][processAssertionGeneration][Received the following response from SAML2 assertion generator: SAML2Response=NO.]
[06/15/2017][09:32:45][2016][4212][4b16d281-58910273-7ab61828-d829e82a-461ba673-ac][][processAssertionGeneration][Transaction with ID: 4b16d281-58910273-7ab61828-d829e82a-461ba673-ac failed. Reason: FAILED_INVALID_RESPONSE_RETURNED]
[06/15/2017][09:32:45][2016][4212][4b16d281-58910273-7ab61828-d829e82a-461ba673-ac][][processAssertionGeneration][Denying request due to "NO" returned from SAML2 assertion generator.]
[06/15/2017][09:32:45][2016][4212][4b16d281-58910273-7ab61828-d829e82a-461ba673-ac][][redirectToErrorPage][Sending HTTP Error 500 ]

-- Affwebservices.log:
[2016/4212][Thu Jun 15 2017 09:32:45][][ERROR][sm-FedClient-02890] sm-FedClient-02890 (4b16d281-58910273-7ab61828-d829e82a-461ba673-ac, FAILED_INVALID_RESPONSE_RETURNED, , , )

Policy Server R12.52 SP1

SLO requires Session Store and persistent realm


Enabling the persistent flag in the realm where configuring SLO solves this issue.

Additional Information:

More information and configuration steps in the following documentation:

Configure Single Logout in the Federation deployment

Configure Single Logout

Enable Single Logout

SSO and SLO options

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255


Not what you were looking for?

Search Again >

Product Information

Support by Product >


Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required


We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{}} will be helping you today.

    View Profile

  • Transfered to {{}}

    {{}} joined the conversation

    {{}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1]}} has ended.
    Thank you for your interest in CA.

    Rate Your Chat Experience.


agent is typing