Note |
---|
...
Advanced ConfigurationNote, this is an advanced configuration feature. Most deployments can rely on the <Logout |
...
> shorthand element. |
Indicated by type="SAML2"
, this LogoutInitiator supports SAML 2.0 SP-initiated single logout. If the user's session was initiated with a protocol other than SAML 2, then the handler ignores the request. Otherwise, the initiating entityID is used to check for metadata with an <md:IDPSSODescriptor>
role supporting SAML 2.0 and a compatible <md:SingleLogoutService>
endpoint. The absence of either causes an INFO-level message to be logged and the handler otherwise ignores the request.
...
Attributes
Common Attributes
Include Page | ||||
---|---|---|---|---|
|
Specific Attributes
Name | Type | Default | Description |
---|---|---|---|
template | local pathname | An HTML template used during transmission of |
the <samlp: |
LogoutRequest> message | |||
outgoingBindings | space delimited URI list | List of SAML binding identifiers that determines the order of |
preferred <md: |
SingleLogoutService> bindings to use for the request. If this setting is used, failing to list a binding will prevent the use of an IdP that only supports the omitted binding. | |||
postArtifact | boolean | false | If true, the SAML artifact binding is implemented using a form POST rather then a redirect. |
asynchronous
asynchronous | boolean | false | When true, the logout request will contain an extension signaling that the SP doesn't need a response back. This is used to simplify the typical use case in which the user interface is meant to stay at the IdP after the logout completes |