Hi Marekw,
We could see that the SLOSAMLRequest is not having valid Name ID, hence it is failing to process the logout.
error:
[02/08/2018][08:23:25][2901][140580036138752][1712419d-ef3b892c-8fd8528d-39d0bf9c-67c589f9-0e5][SLOService.java][handleLogout][
TUNNEL STATUS:
status : 10
message : Name ID is invalid in the logout request. Issuer: SP:sp1 Session ID: i9WMSTRJAdqb6pomtZA7jCr+FW8=]
[02/08/2018][08:23:25][2901][140580036138752][1712419d-ef3b892c-8fd8528d-39d0bf9c-67c589f9-0e5][SLOService.java][handleLogout][
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_4abac167-eebe-45c6-a791-d15dbeb227f4" Version="2.0" IssueInstant="2018-02-08T08:23:25Z" Destination="http://host.example.com:88/affwebservices/public/saml2slo" ><saml:Issuer>sp1</saml:Issuer><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" SPNameQualifier="sp1">host</saml:NameID></samlp:LogoutRequest>
Below is the Name ID from SAML response:
<ns2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">SuperUser</ns2:NameID>
Please check why SP is sending invalid NameID in logout request while redirecting to Siteminder.
Thanks,
Sharan