What does one do with Invalid SessionIndex/NameID

Get Help
,
1

We got an event:

{
  "date": "...",
  "type": "flo",
  "description": "Invalid SessionIndex/NameID",
  "connection_id": "",
  "client_id": "...",
  "client_name": "...",
  "ip": "...",
  "user_agent": "Edge 146.0.0 / Windows 10.0.0",
  "details": {
    "allowed_logout_url": []
  },
  "hostname": "...",
  "user_id": "",
  "user_name": "",
  "$event_schema": {
    "version": "1.0.0"
  },
  "environment_name": "prod-us-1",
  "log_id": "90020260415064732185324000000000000001223372168442629092",
  "tenant_name": "...",
  "_id": "90020260415064732185324000000000000001223372168442629092",
  "isMobile": false,
  "location_info": {},
  "id": "90020260415064732185324000000000000001223372168442629092"
}

the context had:

{
  "allowed_logout_url": []
}

The IP address points to a shared IP used by the partner whose system is providing the SAML connection, and that partner also provides the same browser to pretty much everyone served by that IP address, so it isn’t terribly helpful.

It might be possible for us to time-correlate to other logs to our website, but I’m not terribly optimistic.

3

Hi @jsoref,

Welcome back to the Auth0 Community!

This is a “Failed Logout” event, indicated by the "type": "flo" in the log. The error message "description": "Invalid SessionIndex/NameID" points to an issue with the SAML Single Logout (SLO) process. In other terms, the the Identity Provider, so in this case Auth0, received a logout request it couldn’t validate, which is why the logout failed.

The root cause of this issue is very likely the empty allowed_logout_url array in the log’s details section. When a user logs out, the identity provider needs to redirect them back to a pre-approved URL, so the URL the user is being redirected to needs to be added to the Allowed Logout URLs list in your Auth0 tenant settings, as mentioned by our Redirect users after logout documentation.

Please let me know if this helped.
Best regards,
Remus