There is not sufficient information here to help you. Please read [How to ask a good question on Gluu Support](https://support.gluu.org/docs/user-guide/how-to-ask/)

Let's try this again: I have Gluu configured with Incommon as a federation and SPIN as an SP. When I go to spin.infoedglobal.com and select my institution: Albert Einstein College of Medicine, I get the error: "Your browser sent a request that this server could not understand.Apache Server at vbushib.einsteinmed.org Port 443" The idp logs have been changed to debug, and in those logs is: -bash-4.2# tail idp-process.log 2020-09-21 13:40:43,286 - 104.7.220.90 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:202] - Message Handler: SAML message intended destination endpoint matched recipient endpoint 2020-09-21 13:40:43,287 - 104.7.220.90 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:169] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler' on INBOUND message context 2020-09-21 13:40:43,287 - 104.7.220.90 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:190] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2020-09-21 13:40:43,287 - 104.7.220.90 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:154] - Message Handler: Evaluating message replay for message ID '_86b9e72f9058d79204ad49cd8de92a96', issue instant '2020-09-21T17:40:27Z', entityID 'https://spin.infoedglobal.com/shibboleth' 2020-09-21 13:40:43,287 - 104.7.220.90 - WARN [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:158] - Message Handler: Replay detected of message '_86b9e72f9058d79204ad49cd8de92a96' from issuer 'https://spin.infoedglobal.com/shibboleth' 2020-09-21 13:40:43,288 - 104.7.220.90 - WARN [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:197] - Profile Action WebFlowMessageHandlerAdaptor: Exception handling message org.opensaml.messaging.handler.MessageHandlerException: Rejecting replayed message ID '_86b9e72f9058d79204ad49cd8de92a96' from issuer https://spin.infoedglobal.com/shibboleth at org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler.doInvoke(MessageReplaySecurityHandler.java:159) 2020-09-21 13:40:43,289 - 104.7.220.90 - WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event occurred while processing the request: MessageReplay 2020-09-21 13:40:43,290 - 104.7.220.90 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:142] - No SAMLBindingContext or binding URI available, error must be handled locally -bash-4.2# tail idp-warn.log at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938) at java.base/java.lang.Thread.run(Thread.java:834) 2020-09-21 13:40:43,289 - 104.7.220.90 - WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event occurred while processing the request: MessageReplay

Figured it out for the record, SP was pointing to the logout URL, "SLO" instead of "SSO". It was in the image but I guess that didn't come through in the ticket.