The single logout JSPs provide the means by which all sessions authenticated by a particular identity provider are terminated near-simultaneously. The single logout protocol is used either when a user logs out from a participant service provider or when the principal logs out directly from the identity provider.
idpSingleLogoutPOST.jsp can do either of the following:
Receive a Logout Request from an identity provider and send a Logout Response to a service provider.
Receive a Logout Response from the service provider.
There are no required parameters.
idpSingleLogoutInit.jsp initiates a LogoutRequest at the identity provider by user request. The endpoint for this JSP is protocol://host:port/service-deploy-uri/IDPSloInit. There are no required parameters. Optional parameters include:
RelayState: The target URL after single logout.
binding: A URI specifying the protocol binding to use for the <Request>. The supported values are:
urn:oasis:names:tc:SAML:2.0:bindings:SOAP
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Destination: A URI indicating the address to which the request has been sent.
Consent: Indicates whether or not (and under what conditions) consent has been obtained from a principal in the sending of this request.
Consent is not supported in this release.
Extension: Specifies permitted extensions as a list of string objects.
Extension is not supported in this release.
logoutAll: Specifies that the identity provider sends logout requests to all service providers without a session index. This logs out all sessions belonging to the user.
idpSingleLogoutRedirect.jsp processes the LogoutRequest and the LogoutResponse received from the service provider using HTTP-Redirect. The endpoint for this JSP is protocol://host:port/service-deploy-uri/IDPSloRedirect. It takes the following required parameters:
SAMLRequest: The LogoutRequest from the service provider.
SAMLResponse: The LogoutResponse from the service provider.
Optionally, it can also take the RelayState parameter, which specifies the target URL of the request.
spSingleLogoutPOST.jsp can do either of the following:
Receive a Logout Request from a service provider and send a Logout Response to an identity provider.
Receive a Logout Response from the identity provider.
Required parameters for the first option are RelayState (the target URL for a successful single logout) and SAMLRequest (the Logout Request). For the second option, the required parameter is SAMLResponse (the Logout Response).
spSingleLogoutInit.jsp initiates a LogoutRequest at the identity provider by user request. The endpoint for this JSP is protocol://host:port/service-deploy-uri/SPSloInit. There are no required parameters. Optional parameters include:
RelayState: The target URL after single logout.
binding: A URI specifying the protocol binding to use for the <Request>. The supported values are:
urn:oasis:names:tc:SAML:2.0:bindings:SOAP
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Destination: A URI indicating the address to which the request has been sent.
Consent: Indicates whether or not (and under what conditions) consent has been obtained from a principal in the sending of this request.
Consent is not supported in this release.
Extension: Specifies permitted extensions as a list of string objects.
Extension is not supported in this release.
spSingleLogoutRedirect.jsp processes the LogoutRequest and the LogoutResponse received from the identity provider using HTTP-Redirect. The endpoint for this JSP is protocol://host:port/service-deploy-uri/SPSloRedirect. It takes the following required parameters:
SAMLRequest: The LogoutRequest from the identity provider.
SAMLResponse: The LogoutResponse from the identity provider.
Optionally, it can also take the RelayState parameter, which specifies the target URL of the request.
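The following is an added example, not code from the product or its documentation: a client-side helper that builds an IDPSloInit or SPSloInit URL and rejects parameters that the descriptions above rule out (a binding other than the two supported values, Consent or Extension, logoutAll on the service provider endpoint). The function name, the sample host names and the RelayState host list are assumptions; the page does not define a RelayState restriction, so that check is a precaution the caller adds.

```python
from urllib.parse import urlencode, urlsplit

# Values taken from the parameter descriptions above.
SUPPORTED_BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
}
COMMON = {"RelayState", "binding", "Destination", "Consent", "Extension"}
INIT_PARAMS = {"IDPSloInit": COMMON | {"logoutAll"}, "SPSloInit": COMMON}
UNSUPPORTED = {"Consent", "Extension"}  # "not supported in this release"


def build_slo_init_url(base, endpoint, params, relay_hosts):
    """Return the single logout initiation URL or raise ValueError.

    base is protocol://host:port/service-deploy-uri. relay_hosts is the set
    of hosts the caller accepts as RelayState targets (an assumption of this
    example, not something the page defines).
    """
    if endpoint not in INIT_PARAMS:
        raise ValueError(f"unknown endpoint: {endpoint}")
    for name in params:
        if name not in INIT_PARAMS[endpoint]:
            raise ValueError(f"{name} is not a parameter of {endpoint}")
        if name in UNSUPPORTED:
            raise ValueError(f"{name} is not supported in this release")
    binding = params.get("binding")
    if binding is not None and binding not in SUPPORTED_BINDINGS:
        raise ValueError(f"unsupported binding: {binding}")
    relay = params.get("RelayState")
    if relay is not None:
        target = urlsplit(relay)
        # Scheme-relative or non-HTTP targets have no acceptable scheme/host.
        if target.scheme not in ("http", "https") or target.hostname not in relay_hosts:
            raise ValueError(f"RelayState target not allowed: {relay}")
    query = urlencode(params)  # percent-encodes the binding URN and RelayState
    return f"{base.rstrip('/')}/{endpoint}" + (f"?{query}" if query else "")


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(build_slo_init_url(
        "https://sp.example.com:8443/fed", "SPSloInit",
        {"binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
         "RelayState": "https://app.example.com/bye"},
        {"app.example.com"}))
```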