opensaml::BindingException when logging out of a Shibboleth Service Provider with Azure ActiveDirectory as IdP

2.7k views

When users click logout, I'm redirecting them to "/Shibboleth.sso/Logout"
This successfully brings them to the Microsoft logout page, then they get redirected back to the SP.
However, as they return to the SP they get a SOAP error message.

opensaml::BindingException

The system encountered an error at Wed Sep 30 19:13:08 2020

To report this problem, please contact the site administrator at [email protected].

Please include the following message in any email:

opensaml::BindingException at (https://app/Shibboleth.sso/SLO/SOAP)

Invalid content type for SOAP message.
1

1 answer

0
TeamDman On BEST ANSWER

When configuring the SP on Azure, I uploaded the metadata as-is.
This populated the fields on Azure, and things mostly worked.
However, it pulled the logout url as the first entry from the metadata:

<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://app/Shibboleth.sso/SLO/SOAP"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://app/Shibboleth.sso/SLO/Redirect"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://app/Shibboleth.sso/SLO/POST"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://app/Shibboleth.sso/SLO/Artifact"/>

Rather than the SOAP URL, Azure should be using the "https://app/Shibboleth.sso/SLO/Redirect" location.

[image: azure configuration]

[image: correct logout page]
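The root cause in the answer above is a binding mismatch: the SP metadata lists four SingleLogoutService endpoints, and the IdP configuration took the first one (the back-channel SOAP endpoint), so the browser is sent to a URL that only accepts SOAP requests and the SP replies with "Invalid content type for SOAP message". The following is an added example, not code from the question or the answer, that parses SP metadata with Python's standard library, reports which endpoint is listed first, picks a browser-usable (HTTP-Redirect or HTTP-POST) logout endpoint, and checks a configured IdP logout URL against the metadata. The metadata wrapper around the four entries is constructed for the example; the SingleLogoutService lines themselves match those in the answer.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Bindings a browser can be redirected to for single logout. SOAP is a
# back-channel binding and must never be used as an IdP "logout URL".
FRONT_CHANNEL = ("HTTP-Redirect", "HTTP-POST")

# Constructed SP metadata: the EntityDescriptor/SPSSODescriptor wrapper is an
# assumption for this example; the four SingleLogoutService entries are the
# ones shown in the answer, in the same order.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://app/Shibboleth.sso/SLO/SOAP"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://app/Shibboleth.sso/SLO/Redirect"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://app/Shibboleth.sso/SLO/POST"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://app/Shibboleth.sso/SLO/Artifact"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def short_binding(binding_uri):
    """Strip the SAML 2.0 bindings prefix: '...:bindings:SOAP' -> 'SOAP'."""
    if binding_uri.startswith(BINDING_PREFIX):
        return binding_uri[len(BINDING_PREFIX):]
    return binding_uri


def slo_endpoints(metadata_xml):
    """Return [(binding, location), ...] in document order."""
    root = ET.fromstring(metadata_xml)
    endpoints = []
    for el in root.iter("{%s}SingleLogoutService" % MD_NS):
        endpoints.append((short_binding(el.get("Binding", "")), el.get("Location")))
    return endpoints


def first_listed_slo(metadata_xml):
    """The entry a naive importer would take: the first one in the file."""
    endpoints = slo_endpoints(metadata_xml)
    return endpoints[0] if endpoints else None


def pick_browser_slo(metadata_xml, preferred=FRONT_CHANNEL):
    """Choose the logout endpoint an IdP should redirect the browser to,
    preferring bindings in the order given, regardless of document order."""
    by_binding = {}
    for binding, location in slo_endpoints(metadata_xml):
        by_binding.setdefault(binding, location)  # keep first per binding
    for binding in preferred:
        if binding in by_binding:
            return binding, by_binding[binding]
    return None


def check_logout_config(metadata_xml, configured_logout_url):
    """Validate an IdP's configured logout URL against the SP metadata.
    Returns a list of findings; an empty list means the URL is acceptable."""
    findings = []
    bindings_for_url = [b for b, loc in slo_endpoints(metadata_xml) if loc == configured_logout_url]
    if not bindings_for_url:
        findings.append("logout URL is not a SingleLogoutService location in the SP metadata")
        return findings
    for binding in bindings_for_url:
        if binding not in FRONT_CHANNEL:
            suggestion = pick_browser_slo(metadata_xml)
            hint = " use %s instead" % suggestion[1] if suggestion else ""
            findings.append("binding %s is not browser-redirectable;%s" % (binding, hint))
    return findings


if __name__ == "__main__":
    print("first listed:", first_listed_slo(SP_METADATA))
    print("browser SLO :", pick_browser_slo(SP_METADATA))
    for url in ("https://app/Shibboleth.sso/SLO/SOAP", "https://app/Shibboleth.sso/SLO/Redirect"):
        print(url, "->", check_logout_config(SP_METADATA, url) or "OK")
```

Running the script on the metadata above shows the SOAP endpoint as the first listed entry and the Redirect endpoint as the one to configure; the same check can be pointed at a real SP's /Shibboleth.sso/Metadata output before the IdP side is set up.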