The single logout JSP provides the means by which all sessions authenticated by a particular identity provider are near-simultaneously terminated. The single logout protocol is used either when a user logs out from a participant service provider or when the principal logs out directly from the identity provider.
idpSingleLogoutInit.jsp initiates a LogoutRequest at the identity provider by user request. The endpoint for this JSP is protocol://host:port/service-deploy-uri/IDPSloInit. There are no required parameters. Optional parameters include:
RelayState: The target URL after single logout.
binding: A URI specifying the protocol binding to use for the <Request>. The supported values are:
urn:oasis:names:tc:SAML:2.0:bindings:SOAP
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Destination: A URI indicating the address to which the request has been sent.
Consent: Indicates whether or not (and under what conditions) consent has been obtained from a principal in the sending of this request.
Consent is not supported in this release.
Extension: Specifies permitted extensions as a list of string objects.
Extension is not supported in this release.
logoutAll: Specifies that the identity provider send log out requests to all service providers without a session index. It will logout all sessions belonging to the user.
idpSingleLogoutRedirect.jsp processes the LogoutRequest and the LogoutResponse received from the service provider using HTTP-Redirect. The endpoint for this JSP is protocol://host:port/service-deploy-uri/IDPSloRedirect. It takes the following required parameters:
SAMLRequest: The LogoutRequest from the service provider.
SAMLResponse: The LogoutResponse from the service provider.
Optionally, it can also take the RelayState parameter which specifies the target URL of the request.
spSingleLogoutInit.jsp initiates a LogoutRequest at the identity provider by user request. The endpoint for this JSP is protocol://host:port/service-deploy-uri/SPSloInit. There are no required parameters. Optional parameters include:
RelayState: The target URL after single logout.
binding: A URI specifying the protocol binding to use for the <Request>. The supported values are:
urn:oasis:names:tc:SAML:2.0:bindings:SOAP
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Destination: A URI indicating the address to which the request has been sent.
Consent: Indicates whether or not (and under what conditions) consent has been obtained from a principal in the sending of this request.
Consent is not supported in this release.
Extension: Specifies permitted extensions as a list of string objects.
Extension is not supported in this release.
spSingleLogoutRedirect.jsp processes the LogoutRequest and the LogoutResponse received from the identity provider using HTTP-Redirect. The endpoint for this JSP is protocol://host:port/service-deploy-uri/SPSloRedirect. It takes the following required parameters:
SAMLRequest: The LogoutRequest from the identity provider.
SAMLResponse: The LogoutResponse from the identity provider.
Optionally, it can also take the RelayState parameter which specifies the target URL of the request.