Single Logout JavaServer Pages

The single logout JSP provides the means by which all sessions authenticated by a particular identity provider are near-simultaneously terminated. The single logout protocol is used either when a user logs out from a participant service provider or when the principal logs out directly from the identity provider.

• idpSingleLogoutInit.jsp

• idpSingleLogoutRedirect.jsp

• spSingleLogoutInit.jsp

• spSingleLogoutRedirect.jsp

idpSingleLogoutInit.jsp

idpSingleLogoutInit.jsp initiates a LogoutRequest at the identity provider by user request. The endpoint for this JSP is protocol://host:port/service-deploy-uri/IDPSloInit. There are no required parameters. Optional parameters include:

• RelayState: The target URL after single logout.

• binding: A URI specifying the protocol binding to use for the <Request>. The supported values are:

  • urn:oasis:names:tc:SAML:2.0:bindings:SOAP

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

• Destination: A URI indicating the address to which the request has been sent.

• Consent: Indicates whether or not (and under what conditions) consent has been obtained from a principal in the sending of this request.

  ---

  Note –

  Consent is not supported in this release.

  ---

• Extension: Specifies permitted extensions as a list of string objects.

  ---

  Note –

  Extension is not supported in this release.

  ---

• logoutAll: Specifies that the identity provider send log out requests to all service providers without a session index. It will logout all sessions belonging to the user.

idpSingleLogoutRedirect.jsp

idpSingleLogoutRedirect.jsp processes the LogoutRequest and the LogoutResponse received from the service provider using HTTP-Redirect. The endpoint for this JSP is protocol://host:port/service-deploy-uri/IDPSloRedirect. It takes the following required parameters:

• SAMLRequest: The LogoutRequest from the service provider.

• SAMLResponse: The LogoutResponse from the service provider.

Optionally, it can also take the RelayState parameter which specifies the target URL of the request.

spSingleLogoutInit.jsp

spSingleLogoutInit.jsp initiates a LogoutRequest at the identity provider by user request. The endpoint for this JSP is protocol://host:port/service-deploy-uri/SPSloInit. There are no required parameters. Optional parameters include:

• RelayState: The target URL after single logout.

• binding: A URI specifying the protocol binding to use for the <Request>. The supported values are:

  • urn:oasis:names:tc:SAML:2.0:bindings:SOAP

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

• Destination: A URI indicating the address to which the request has been sent.

• Consent: Indicates whether or not (and under what conditions) consent has been obtained from a principal in the sending of this request.

  ---

  Note –

  Consent is not supported in this release.

  ---

• Extension: Specifies permitted extensions as a list of string objects.

  ---

  Note –

  Extension is not supported in this release.

  ---

spSingleLogoutRedirect.jsp

spSingleLogoutRedirect.jsp processes the LogoutRequest and the LogoutResponse received from the identity provider using HTTP-Redirect. The endpoint for this JSP is protocol://host:port/service-deploy-uri/SPSloRedirect. It takes the following required parameters:

• SAMLRequest: The LogoutRequest from the identity provider.

• SAMLResponse: The LogoutResponse from the identity provider.

Optionally, it can also take the RelayState parameter which specifies the target URL of the request.