Versions Compared

Old Version 9

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 10

changes.mady.by.user Rod Widdowson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The use of the <Logout> element results in a basic chain of initiator plugins installed at the recommended "/Logout" handler location. For advanced scenarios that require additional plugins or options, additional explicit <LogoutInitiator> elements can be added to the end of the surrounding <Sessions> element.

Table of Contents

Attributes

Name

Type

Default

Description

relayState 

relayState 

string

Overrides relayState setting


Overrides relayState setting from the <Sessions> element.

The following attribute can be specified for the SAML2 protocols

Name

Type

Default

Description

template

local pathname


An HTML template used during transmission of

the <samlp

the <samlp:

LogoutRequest> message

LogoutRequest> message.

outgoingBindings

space delimited URIs


List of SAML binding identifiers that determines the order of

preferred <md

preferred <md:

SingleLogoutService> bindings

SingleLogoutService> bindings to use for the request. If this setting is used, failing to list a binding will prevent the use of an IdP that only supports the omitted binding.

postArtifact

boolean

false

If true, the SAML artifact binding is implemented using a form POST rather then a redirect.

asynchronous

boolean

true

When true, the logout request will contain an extension signaling that the SP doesn't need a response back. This is used to simplify the typical use case in which the user interface is meant to stay at the IdP after the logout completes.

Element Content

The content of the element is a whitespace-delimited list of "protocol" identifiers. The following are built-in to the SP:

...

A "supporting" IdP's role element has a protocolSupportEnumeration attribute containing the value "http://schemas.xmlsoap.org/ws/2003/07/secext", with an accompanying <md:SingleLogoutService>with a Binding of "http://schemas.xmlsoap.org/ws/2003/07/secext".

If a "return" query string parameter is provided, it will be passed to the home realm STS in a "wreply" parameter.

...

Other protocols can be "integrated" with the service-based configuration mechanism by supplying the relevant information via the <ProtocolProvider> plugin interface.

Example

...