We are trying to integrate an application login/logout with AD FS 3.0 using SAML 2.0. We have a Spring sample app that we have integrated and have working. While we can get SSO to work, we cannot get SLO to function. We have analyzed and compared the fully decoded/decrypted SAML conversations and only see compatible/spec-compliant differences. We tried editing our app as much as possible to mimic the sample app's behavior, but still, we receive a Requester status.
I enabled the AD FS Debug log, setting the log level to 5 and the various levels to Verbose in
C:\Windows\ADFS\Microsoft.IdentityServer.Servicehost.exe.config
and restarted the AD FS service. Even so, there is no debug log entry or admin log entry that tells why AD FS is rejecting the logout request (there are plenty of other messages). We are using redirect bindings. We verified that nameID and sessionIndex match up with what was given in the authn response. We are signing the logout request just like the sample app does.
Here are the request and response:
<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://domainc.azure.local/adfs/ls/"
ID="_b6cd15ae-bfaa-4699-b8c9-5edd6b306dd4"
IssueInstant="2015-06-16T21:59:28.568Z"
Reason="urn:oasis:names:tc:SAML:2.0:logout:user"
Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
https://dcm-k50/idp/saml
</saml2:Issuer>
<saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
randall
</saml2:NameID>
<saml2p:SessionIndex>_2746bdba-54c2-41e6-98e4-54965066ce51</saml2p:SessionIndex>
</saml2p:LogoutRequest>
<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="_2546f7fe-37fa-4293-8029-d82eaf8f11b0"
Version="2.0"
IssueInstant="2015-06-16T21:59:26.821Z"
Destination="https://dcm-k50/idp/saml/logoutresponse"
Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
InResponseTo="_b6cd15ae-bfaa-4699-b8c9-5edd6b306dd4">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://domainc.azure.local/adfs/services/trust</Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/>
</samlp:Status>
</samlp:LogoutResponse>
Is there any way to get AD FS to give more debug info? Any help is appreciated.
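As an added example (not part of the original post or of AD FS), the script below automates the cross-checks described above on the two decoded messages quoted in the post: InResponseTo against the request ID, NameID and SessionIndex against what the SP kept from the authn response, the top-level StatusCode, and the IssueInstant ordering (in the quoted pair the response is stamped earlier than the request). It also shows the HTTP-Redirect binding encoding (raw DEFLATE plus base64) so a captured SAMLRequest value can be decoded the same way. The SESSION dictionary is constructed, since the authn response itself is not in the post.

```python
import zlib, base64
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def redirect_decode(param):
    """Recover XML from a captured SAMLRequest/SAMLResponse query value (HTTP-Redirect
    binding: the URL-decoded value is base64 of raw DEFLATE, hence wbits=-15)."""
    return zlib.decompress(base64.b64decode(param), -15).decode()

def redirect_encode(xml_text):
    """Inverse of redirect_decode: what the SP puts on the wire before URL-encoding and signing."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml_text.encode()) + c.flush()).decode()

# Both sides stamp IssueInstant in UTC with millisecond precision, so naive datetimes compare fine.
_instant = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ")

def check_slo(request_xml, response_xml, session):
    """Cross-check a LogoutRequest/LogoutResponse pair against the SP's stored session
    (NameID and SessionIndex taken from the earlier authn response). Returns a list of findings."""
    req, resp, out = ET.fromstring(request_xml), ET.fromstring(response_xml), []
    if resp.get("InResponseTo") != req.get("ID"):
        out.append("InResponseTo does not match the LogoutRequest ID")
    for tag, key in (("a:NameID", "name_id"), ("p:SessionIndex", "session_index")):
        got = (req.findtext(tag, namespaces=NS) or "").strip()
        if got != session[key]:
            out.append(f"{tag[2:]} {got!r} differs from session value {session[key]!r}")
    code = resp.find("p:Status/p:StatusCode", NS).get("Value").rsplit(":", 1)[-1]
    if code != "Success":  # per SAML 2.0 core, Requester = error attributed to the requesting party
        out.append(f"top-level status {code} (Requester: IdP attributes the error to the request)")
    skew = (_instant(resp.get("IssueInstant")) - _instant(req.get("IssueInstant"))).total_seconds()
    if skew < 0:
        out.append(f"response IssueInstant precedes request by {-skew:.3f}s: SP and IdP clocks disagree")
    return out

# The two messages from the post, whitespace condensed; SESSION is constructed to stand in
# for the NameID/SessionIndex the SP kept from the authn response.
LOGOUT_REQUEST = ('<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://domainc.azure.local/adfs/ls/" '
    'ID="_b6cd15ae-bfaa-4699-b8c9-5edd6b306dd4" IssueInstant="2015-06-16T21:59:28.568Z" Reason="urn:oasis:names:tc:SAML:2.0:logout:user" Version="2.0">'
    '<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://dcm-k50/idp/saml</saml2:Issuer>'
    '<saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">randall</saml2:NameID>'
    '<saml2p:SessionIndex>_2746bdba-54c2-41e6-98e4-54965066ce51</saml2p:SessionIndex></saml2p:LogoutRequest>')
LOGOUT_RESPONSE = ('<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_2546f7fe-37fa-4293-8029-d82eaf8f11b0" '
    'Version="2.0" IssueInstant="2015-06-16T21:59:26.821Z" Destination="https://dcm-k50/idp/saml/logoutresponse" '
    'Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" InResponseTo="_b6cd15ae-bfaa-4699-b8c9-5edd6b306dd4">'
    '<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://domainc.azure.local/adfs/services/trust</Issuer>'
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/></samlp:Status></samlp:LogoutResponse>')
SESSION = {"name_id": "randall", "session_index": "_2746bdba-54c2-41e6-98e4-54965066ce51"}
```

Run `check_slo(LOGOUT_REQUEST, LOGOUT_RESPONSE, SESSION)` to get the findings for the quoted pair; point `redirect_decode` at the URL-decoded SAMLRequest value of a fresh capture to compare what actually went over the wire with the decoded copy.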