‎07-31-2018 07:19 AM
Trying to work with an SSO provider (Okta) using the Multiprovider SSO in ServiceNow on a DEV instance newly upgraded to Kingston.
Testing Connection results:
SAML Logout Response 'Status' validation failed
Failed to validate logout response status. Expected: urn:oasis:names:tc:SAML:2.0:status:Success, Actual: urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported
Ensure that the IDP is configured to support requests from the Service Provider.
We also have an issue with not being able to upload the cert generated by ServiceNow's metadata to Okta (fails to upload with no clear error - just says can't import the certificate - so I'm not sure if it's a formatting issue or what?).
So 3 questions around this:
1. Would the SAML logout error above be tied directly to the issue of our not being able to upload our cert to Okta? Or are these separate problems?
2. Advice for resolving the above?
3. I keep seeing documentation (both from ServiceNow & Okta) refer to a SAML2 module - but I don't have this module in any of my instances nor in my developer's instance, which is Kingston. Is the info in this community post still accurate today? If so, it would seem prudent to update the official documentation.
Thank you in advance. We have of course reached out to the vendor of our SSO, but so far, even after multiple calls, we haven't succeeded in the SSO configuration and getting a valid Test. We're in the middle of upgrading to Kingston and this is halting our progress.
P.S. I've done a SAML trace using the Firefox plugin that is available but was only able to determine the same error as above, but I'm not familiar with what to look for.
Update: I found this known error on HI; looks like it's for older versions though, so hopefully not still the case for Kingston:
https://hi.service-now.com/kb_view.do?sysparm_article=KB0662211
‎08-02-2018 11:09 AM
This turned out to be a certificate issue.
Still waiting on vendor support (Okta) to help us understand what was wrong with the cert we generated from ServiceNow and were trying to upload into Okta.
As per documentation by the vendor, the cert needed to be formatted this way:
-----BEGIN CERTIFICATE-----
CERT CONTENT - the encrypted data between the <ds:X509Certificate></ds:X509Certificate> tags
-----END CERTIFICATE-----
It's a little odd, as I think we did try a cert file formatted in this fashion and still got a failure, but for some reason the one provided by Okta vendor support worked.
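The formatting step described in the answer above, as an added example that is not part of the original thread or of either vendor's documentation: it takes the value between the <ds:X509Certificate> tags in SP metadata, strips the whitespace that metadata files often carry, checks that the value is valid base64, and wraps it in the PEM header and footer at 64 characters per line. The function name, the sample metadata and the placeholder bytes standing in for a certificate are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
PEM_HEAD, PEM_TAIL = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def metadata_certs_to_pem(metadata_xml):
    """Return each <ds:X509Certificate> value in SAML metadata as a PEM string."""
    # Metadata is usually fetched from a URL, so refuse DTDs (entity expansion).
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("metadata containing a DTD is refused")
    root = ET.fromstring(metadata_xml)
    pems = []
    for node in root.iter("{%s}X509Certificate" % DS_NS):
        # Indentation and line breaks inside the element are a common cause
        # of "cannot import certificate" errors, so drop all whitespace.
        b64 = re.sub(r"\s+", "", node.text or "")
        if not b64:
            continue
        der = base64.b64decode(b64, validate=True)  # raises on stray characters
        if der[:1] != b"\x30":  # a DER certificate starts with an ASN.1 SEQUENCE
            raise ValueError("decoded value does not look like DER")
        clean = base64.b64encode(der).decode("ascii")
        body = "\n".join(clean[i:i + 64] for i in range(0, len(clean), 64))
        pems.append(f"{PEM_HEAD}\n{body}\n{PEM_TAIL}\n")
    return pems


# Constructed sample: placeholder bytes with a DER SEQUENCE header, NOT a real
# certificate, embedded with the uneven whitespace seen in exported metadata.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'entityID="https://sp.example.invalid">'
    "<md:SPSSODescriptor><md:KeyDescriptor><ds:KeyInfo><ds:X509Data>"
    f"<ds:X509Certificate>\n   {SAMPLE_B64[:76]}\r\n   {SAMPLE_B64[76:]}\n"
    "</ds:X509Certificate>"
    "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:SPSSODescriptor>"
    "</md:EntityDescriptor>"
)

if __name__ == "__main__":
    print(metadata_certs_to_pem(SAMPLE_METADATA)[0])
```

With a real certificate, the output file can be checked locally with `openssl x509 -in sp.pem -noout -text` before uploading it to the IdP.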