AM#500106006 Signature validation failed, trying to get SLO working between WSO2 & NAM

Hi. I am trying to get SLO working between WSO2 5.10.0 and NAM 5.0.1. We have SSO working. We have the session on WSO2 being logged out. But, the session on NAM remains. Looking at catalina.out on NAM, I see:

<amLogEntry> 2022-03-18T04:19:48Z INFO NIDS IDFF: AM#500106006: AMDEVICEID#67F5A08EE411D0FA:
AMAUTHID#803e9573e589a59df8f71f14a4ddd2a4842828c71ef9195ad3374863a402ed02:
Validation failure on message from wso2/NetIQAccessManagerTestIdP : Signature validation failed </amLogEntry>

We are signing logout requests:

Any ideas where we can look? Does the above error mean SLO failed?

I've looked at the SAML trace output between WSO2 and SimpleSAMLphp. From WSO2, I see:

<samlp:Status>

<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" />

</samlp:Status>

From SimpleSAMLphp, I see:

<samlp:Status>

<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />

</samlp:Status>

Tags: