KeyCloak not sending the Logout SAML Request to external IDP

[Shubham Goyal]

Hi,

We have uhes backend app integrated on OIDC protocol to keycloak for RBAC and log in. Further Keycloak is integrated to Cross Identity on SAML. 

Use Case Login  >> user click Sign in with CI (external IDP), then works fine.

Use Case Logout >> When user click on logout tab, user gets redirect to login page of uhes backend app and users session gets terminated from uHES app & keycloak but not from CI(External IDP) which is handling the SSO. As per traces Keycloak did not send  the SAML logout request. After this when user click Sign with CI again, then user gets login again without asking for user credentials.

PFA SAML traces, keycloak & external IDP metadata . Please can you share the exact root cause and fix such that user logout works smoothly for SSO.