I have an ADFS server as an IdP and I am building a separate SP application using Python Django and the PySAML2 library.
My SP application is defined as a relying party on the ADFS side. SSO over the SAML protocol is working fine. I am sending a SAML2 AuthnRequest and get the appropriate SAML Assertion.
Example of SAML2 AuthnRequest:
<?xml version='1.0' encoding='UTF-8'?>
<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"
                  AssertionConsumerServiceURL="https://ubuntuvm:8443/done/saml2/adfslocal-saml2/"
                  Destination="https://adfstest.domen.locale/adfs/ls/"
                  ID="id-aa9ea200afbb17fa61cafa5e007365d2"
                  IssueInstant="2014-06-12T16:33:05Z"
                  ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                  Version="2.0">
  <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"> https://ubuntuvm:8443/metadata/saml2/adfstest/</ns1:Issuer>
  <ns0:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:transient" />
</ns0:AuthnRequest>
Example of ADFS Assertion:
<?xml version='1.0' encoding='UTF-8'?>
<ns0:Assertion xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion"
               xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               ID="_720ffe3c-0388-4694-afb9-58a721b74ab8"
               IssueInstant="2014-06-12T16:33:02.738Z"
               Version="2.0">
  <ns0:Issuer> http://ADFSTEST.domen.locale/adfs/services/trust</ns0:Issuer>
  <ns1:Signature>
    <ns1:SignedInfo>
      <ns1:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ns1:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <ns1:Reference URI="#_720ffe3c-0388-4694-afb9-58a721b74ab8">
        <ns1:Transforms>
          <ns1:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <ns1:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ns1:Transforms>
        <ns1:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <ns1:DigestValue>....</ns1:DigestValue>
      </ns1:Reference>
    </ns1:SignedInfo>
    <ns1:SignatureValue>...</ns1:SignatureValue>
    <ns1:KeyInfo>
      <ns1:X509Data>
        <ns1:X509Certificate>...</ns1:X509Certificate>
      </ns1:X509Data>
    </ns1:KeyInfo>
  </ns1:Signature>
  <ns0:Subject>
    <ns0:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:transient"> aca@domen.locale</ns0:NameID>
    <ns0:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <ns0:SubjectConfirmationData InResponseTo="id-aa9ea200afbb17fa61cafa5e007365d2"
                                   NotOnOrAfter="2014-06-12T16:38:02.738Z"
                                   Recipient="https://ubuntuvm:8443/done/saml2/adfslocal-saml2/" />
    </ns0:SubjectConfirmation>
  </ns0:Subject>
  <ns0:Conditions NotBefore="2014-06-12T16:33:02.738Z" NotOnOrAfter="2014-06-12T17:33:02.738Z">
    <ns0:AudienceRestriction>
      <ns0:Audience>https://ubuntuvm:8443/metadata/saml2/adfstest/</ns0:Audience>
    </ns0:AudienceRestriction>
  </ns0:Conditions>
  <ns0:AuthnStatement AuthnInstant="2014-06-12T16:15:22.114Z"
                      SessionIndex="_720ffe3c-0388-4694-afb9-58a721b74ab8">
    <ns0:AuthnContext>
      <ns0:AuthnContextClassRef>urn:federation:authentication:windows</ns0:AuthnContextClassRef>
    </ns0:AuthnContext>
  </ns0:AuthnStatement>
  <ns0:AttributeStatement>
    <ns0:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
      <ns0:AttributeValue xsi:type="xs:string">aca@domen.locale</ns0:AttributeValue>
    </ns0:Attribute>
    <ns0:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <ns0:AttributeValue xsi:type="xs:string">aca@mail.com</ns0:AttributeValue>
    </ns0:Attribute>
    <ns0:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <ns0:AttributeValue xsi:type="xs:string">Aleksandar</ns0:AttributeValue>
    </ns0:Attribute>
    <ns0:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <ns0:AttributeValue xsi:type="xs:string">Stanimirovic</ns0:AttributeValue>
    </ns0:Attribute>
    <ns0:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <ns0:AttributeValue xsi:type="xs:string">Test2</ns0:AttributeValue>
      <ns0:AttributeValue xsi:type="xs:string">Test1</ns0:AttributeValue>
      <ns0:AttributeValue xsi:type="xs:string">Domain Users</ns0:AttributeValue>
    </ns0:Attribute>
  </ns0:AttributeStatement>
</ns0:Assertion>
When I try an SP-initiated logout request I get an error on the ADFS side. ADFS responds with 404 NOT FOUND. I tried to check the ADFS log and the ADFS debug trace but there is nothing there, only a trace that the user logged in successfully.
My SAML2 LogoutRequest:
<?xml version="1.0" encoding="UTF-8"?>
<ns0:LogoutRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"
                   xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"
                   xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"
                   Destination="https://adfstest.domen.locale/adfs/ls/"
                   ID="id-fe0e9c68f2191d6a41c938538c91926c"
                   IssueInstant="2014-06-12T16:33:08Z"
                   Version="2.0">
  <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"> https://ubuntuvm:8443/metadata/saml2/adfstest/</ns1:Issuer>
  <ns2:Signature Id="Signature1">
    <ns2:SignedInfo>
      <ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ns2:Reference URI="#id-fe0e9c68f2191d6a41c938538c91926c">
        <ns2:Transforms>
          <ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ns2:Transforms>
        <ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ns2:DigestValue>...</ns2:DigestValue>
      </ns2:Reference>
    </ns2:SignedInfo>
    <ns2:SignatureValue>....</ns2:SignatureValue>
    <ns2:KeyInfo>
      <ns2:X509Data>
        <ns2:X509Certificate>......</ns2:X509Certificate>
      </ns2:X509Data>
    </ns2:KeyInfo>
  </ns2:Signature>
  <ns1:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:transient"> aca@domen.locale</ns1:NameID>
  <ns0:SessionIndex>_720ffe3c-0388-4694-afb9-58a721b74ab8</ns0:SessionIndex>
</ns0:LogoutRequest>
I have been trying to find a solution for this problem for several days but nothing so far. Because I get a 404 message I suppose that I am doing something wrong with the Name ID or Session Index. As I understand it, these two attributes are mandatory.
I also tried several different formats for the Name ID with no success.
I am testing this integration on Windows Server 2012 with ADFS (I also tried on Windows Server 2008 with ADFS 2.0 with no success).
On the ADFS side I have two claim rules:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                   "http://schemas.xmlsoap.org/claims/Group"),
          query = "; userPrincipalName,mail,givenName,sn,tokenGroups;{0}",
          param = c.Value);

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer,
          OriginalIssuer = c.OriginalIssuer,
          Value = c.Value,
          ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
What am I doing wrong? I don't get it. Should I try a different Name ID format, or try to change the transformation rule for the Name ID?
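A diagnostic check for the situation described above, added here as an example and not code from the question or from PySAML2: it parses the assertion the SP received and the LogoutRequest it is about to send, and reports any field that does not line up (NameID text and Format, SessionIndex) plus any NameID Format that is not one of the values defined by SAML 2.0 Core. The two XML samples are constructed from the values in the question, with signatures and unrelated elements left out.

```python
# Added example (not from the question): cross-check an SP-initiated LogoutRequest
# against the assertion it should end; samples are built from the question's values.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
# NameID formats defined in SAML 2.0 Core, section 8.3; anything else is non-standard.
KNOWN_NAMEID_FORMATS = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
}

ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="_720ffe3c-0388-4694-afb9-58a721b74ab8" Version="2.0">
 <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:transient"> aca@domen.locale</saml:NameID></saml:Subject>
 <saml:AuthnStatement SessionIndex="_720ffe3c-0388-4694-afb9-58a721b74ab8"/>
</saml:Assertion>"""

LOGOUT = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-fe0e9c68f2191d6a41c938538c91926c"
 Destination="https://adfstest.domen.locale/adfs/ls/" Version="2.0">
 <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:transient"> aca@domen.locale</saml:NameID>
 <samlp:SessionIndex>_720ffe3c-0388-4694-afb9-58a721b74ab8</samlp:SessionIndex>
</samlp:LogoutRequest>"""

def check_logout_request(assertion_xml, logout_xml):
    a = ET.fromstring(assertion_xml)
    req = ET.fromstring(logout_xml)
    a_nameid = a.find("saml:Subject/saml:NameID", NS)
    r_nameid = req.find("saml:NameID", NS)
    findings = []  # empty means the request is consistent with the assertion
    # NameID is compared on its string value, so surrounding whitespace is part of it.
    if r_nameid.text != r_nameid.text.strip():
        findings.append("NameID value has surrounding whitespace: %r" % r_nameid.text)
    if a_nameid.text != r_nameid.text:
        findings.append("NameID value differs from the assertion")
    if a_nameid.get("Format") != r_nameid.get("Format"):
        findings.append("NameID Format differs from the assertion")
    if r_nameid.get("Format") not in KNOWN_NAMEID_FORMATS:
        findings.append("NameID Format %r is not defined by SAML 2.0 Core" % r_nameid.get("Format"))
    a_idx = a.find("saml:AuthnStatement", NS).get("SessionIndex")
    if a_idx != req.findtext("samlp:SessionIndex", namespaces=NS):
        findings.append("SessionIndex differs from the assertion")
    return findings
```

Running it on the two samples reports only the whitespace and the non-standard Format value; the check is a consistency aid for narrowing the 404 down, not a statement of its cause.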