We are relatively new to ADFS, having set up working RP trusts with three partners in the last few months. Our 4th partner is proving problematic. Single sign-in works, but ADFS responds to the single logout request from the RP with a status of Requester. The ADFS event log shows:
The SAML Single Logout request does not correspond to the logged-in session participant.
Requestor: https://test-sso.rp.com/fed/sp
Request name identifier: Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, NameQualifier: http://fs.idp.com/adfs/services/trust SPNameQualifier: https://test-sso.rp.com/fed/sp, SPProvidedId:
Logged-in session participants:
Count: 1, [Issuer: https://test-sso.crmondemand.com/fed/sp, NameID: (Format: , NameQualifier: SPNameQualifier: , SPProvidedId: )]
This request failed.
User Action
Verify that the claim provider trust or the relying party trust configuration is up to date. If the name identifier in the request is different from the name identifier in the session only by NameQualifier or SPNameQualifier, check and correct the name identifier policy issuance rule using the AD FS 2.0 Management snap-in.
The LogoutRequest looks like this:
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://fs.timken.com/adfs/ls/"
ID="id-HAScmHCfwfuYk76bce6YBfO2uOM-"
IssueInstant="2013-01-14T13:24:04Z"
Version="2.0">
. . . cert, etc. omitted . . .
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NameQualifier="http://fs.idp.com/adfs/services/trust"
SPNameQualifier="https://test-sso.rp.com/fed/sp"
>jsmith</saml:NameID>
<samlp:SessionIndex>_df13d31b-162e-42e1-8331-f36be6bf1194</samlp:SessionIndex>
</samlp:LogoutRequest>
The session index and the username in NameID match the Response we got from our AuthnRequest. I don't know how to figure out what ADFS thinks does not match. Any suggestions would be appreciated.
For completeness' sake, the Response to the AuthnRequest looked like this:
<Subject>
<NameID>jsmith</NameID>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData NotOnOrAfter="2013-01-14T13:28:52.199Z"
Recipient="https://test-sso.rp.com/fed/sp/authnResponse20"
/>
</SubjectConfirmation>
</Subject>
<Conditions NotBefore="2013-01-14T13:23:52.183Z"
NotOnOrAfter="2013-01-14T14:23:52.183Z"
>
<AudienceRestriction>
<Audience>https://test-sso.rp.com/fed/sp</Audience>
</AudienceRestriction>
</Conditions>
<AuthnStatement AuthnInstant="2013-01-14T13:10:43.826Z"
SessionIndex="_df13d31b-162e-42e1-8331-f36be6bf1194"
>
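As an added worked example (not part of the original question or of ADFS itself): the check an IdP performs when it receives a LogoutRequest is a field-by-field comparison of the request's NameID against the NameID it issued for the session. SAML 2.0 Core (section 3.3.4) treats two NameIDs as matching only when the value, Format, NameQualifier, SPNameQualifier and SPProvidedID all agree, with an absent Format meaning `unspecified`. The script below rebuilds the two messages from the fragments quoted above (the omitted signature, Issuer and Destination are left out; the assertion wrapper around the `<Subject>` is constructed) and reports exactly which fields differ, which is the diagnostic the question is asking for. The names `LOGOUT_REQUEST`, `ASSERTION` and the helper functions are mine.

```python
# Added example: diff a LogoutRequest NameID against the session NameID the
# IdP issued, the way an IdP must before it will honour a single logout.
# Not code from the question or from ADFS. Uses only the standard library;
# the inputs are captured messages we already trust, so plain ElementTree is
# acceptable here (use defusedxml for untrusted input).
import xml.etree.ElementTree as ET

NS_P = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_A = "urn:oasis:names:tc:SAML:2.0:assertion"
# SAML 2.0 Core 8.3.1: a NameID with no Format is treated as "unspecified".
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
FIELDS = ("value", "Format", "NameQualifier", "SPNameQualifier", "SPProvidedID")

# Constructed from the LogoutRequest quoted in the question (signature omitted).
LOGOUT_REQUEST = """
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="id-HAScmHCfwfuYk76bce6YBfO2uOM-" IssueInstant="2013-01-14T13:24:04Z" Version="2.0">
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
      NameQualifier="http://fs.idp.com/adfs/services/trust"
      SPNameQualifier="https://test-sso.rp.com/fed/sp">jsmith</saml:NameID>
  <samlp:SessionIndex>_df13d31b-162e-42e1-8331-f36be6bf1194</samlp:SessionIndex>
</samlp:LogoutRequest>
"""

# Constructed: the Subject and AuthnStatement quoted from the AuthnResponse,
# wrapped in a minimal Assertion so it parses on its own.
ASSERTION = """
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-assertion" IssueInstant="2013-01-14T13:23:52.183Z" Version="2.0">
  <Subject>
    <NameID>jsmith</NameID>
  </Subject>
  <AuthnStatement AuthnInstant="2013-01-14T13:10:43.826Z"
      SessionIndex="_df13d31b-162e-42e1-8331-f36be6bf1194"/>
</Assertion>
"""


def name_id_fields(elem):
    """Normalise a <NameID> element into the fields an IdP compares on."""
    return {
        "value": (elem.text or "").strip(),
        "Format": elem.get("Format") or UNSPECIFIED,
        "NameQualifier": elem.get("NameQualifier", ""),
        "SPNameQualifier": elem.get("SPNameQualifier", ""),
        "SPProvidedID": elem.get("SPProvidedID", ""),
    }


def logout_name_id(xml_text):
    """NameID carried by a <samlp:LogoutRequest>."""
    root = ET.fromstring(xml_text.strip())
    return name_id_fields(root.find(f"{{{NS_A}}}NameID"))


def session_name_id(xml_text):
    """NameID the IdP issued in the assertion's <Subject>."""
    root = ET.fromstring(xml_text.strip())
    return name_id_fields(root.find(f".//{{{NS_A}}}Subject/{{{NS_A}}}NameID"))


def session_index(xml_text):
    """SessionIndex from either message form: element in a LogoutRequest,
    attribute on <AuthnStatement> in an assertion."""
    root = ET.fromstring(xml_text.strip())
    elem = root.find(f".//{{{NS_P}}}SessionIndex")
    if elem is not None:
        return (elem.text or "").strip()
    stmt = root.find(f".//{{{NS_A}}}AuthnStatement")
    return stmt.get("SessionIndex") if stmt is not None else None


def diff_name_ids(request, session):
    """{field: (request_value, session_value)} for every field that differs."""
    return {f: (request[f], session[f]) for f in FIELDS if request[f] != session[f]}


def strongly_matches(request, session):
    """True only when every compared field agrees (SAML 2.0 Core 3.3.4)."""
    return not diff_name_ids(request, session)


def differs_only_by_qualifiers(diff):
    """Mirrors the hint in the ADFS event text: a mismatch confined to
    NameQualifier/SPNameQualifier points at the name identifier issuance rule."""
    return bool(diff) and set(diff) <= {"NameQualifier", "SPNameQualifier"}


if __name__ == "__main__":
    req, ses = logout_name_id(LOGOUT_REQUEST), session_name_id(ASSERTION)
    print("SessionIndex equal:", session_index(LOGOUT_REQUEST) == session_index(ASSERTION))
    for field, (a, b) in diff_name_ids(req, ses).items():
        print(f"{field}: request={a!r} session={b!r}")
    print("strong match:", strongly_matches(req, ses))
```

Run against the two fragments from the question, the value `jsmith` and the SessionIndex agree, while Format (`persistent` versus absent, i.e. `unspecified`), NameQualifier and SPNameQualifier are set in the request but empty in the issued NameID, so the comparison fails on three fields rather than on the qualifiers alone.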