Versions Compared

Old Version 7

changes.mady.by.user Takeshi Nishimura

Saved on

compared with

New Version 8

changes.mady.by.user Rod Widdowson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Note

...

Advanced Configuration

Note, this is an advanced configuration feature. Most deployments can rely on the <Logout

...

> shorthand element.

Indicated by type="SAML2", this LogoutInitiator supports SAML 2.0 SP-initiated single logout. If the user's session was initiated with a protocol other than SAML 2, then the handler ignores the request. Otherwise, the initiating entityID is used to check for metadata with an <md:IDPSSODescriptor> role supporting SAML 2.0 and a compatible <md:SingleLogoutService> endpoint. The absence of either causes an INFO-level message to be logged and the handler otherwise ignores the request.

...

Attributes

Common Attributes

Include Page
LogoutInitiatorCommonAttributes
LogoutInitiatorCommonAttributes

Specific Attributes

Name

Type

Default

Description

template

local pathname


An HTML template used during transmission of

the <samlp

the <samlp:

LogoutRequest> message

LogoutRequest> message

outgoingBindings

space delimited URI list


List of SAML binding identifiers that determines the order of

preferred <md

preferred <md:

SingleLogoutService> bindings

SingleLogoutService> bindings to use for the request. If this setting is used, failing to list a binding will prevent the use of an IdP that only supports the omitted binding.

postArtifact

boolean

false

If true, the SAML artifact binding is implemented using a form POST rather then a redirect.

asynchronous 

asynchronous 

boolean

false

When true, the logout request will contain an extension signaling that the SP doesn't need a response back. This is used to simplify the typical use case in which the user interface is meant to stay at the IdP after the logout completes