Both Service Provider and Identity Provider can set up the trust base.
Service Provider and Identity Provider both achieve single sign-on using the SAMLv2 protocol (persistent and transient).
Service Provider and Identity Provider must achieve single logout using the SAMLv2 protocol.
The extended configuration metadata define the attributes needed for this feature.
Required APIs are provided to access the attributes defined in the extended configuration metadata.
A single protocol, such as OASIS SAMLv2 or Liberty ID-FF, must be used across all communications between the participating entities. Participating entities can include the Service Provider, intermediate Identity Provider Proxies, and the actual Identity Provider. Currently there is no support for a heterogeneous environment that includes both SAMLv2-compliant systems and non-SAMLv2 equivalents.