Page Comparison

Initiates sessions by creating an a request for authentication specific to a particular SSO protocol, or invoking some kind of IdP discovery mechanism.

Almost always superseded by the <SSO> element; you should not in general ever need to consider configuring this directly.

Terminates a session by invoking some kind of logout process, which may be local to the SP or global to the SSO environment.

Almost always superseded by the <Logout> element; you should not in general ever need to consider configuring this directly.

Incoming entry point for messages carrying SAML SSO assertions to initiate a user session. The terminology is borrowed from the SAML spec (as is the actual element).

Almost always superseded by the <SSO> element; you should not in general ever need to consider configuring this directly.

Incoming SOAP endpoint for the resolution of SAML 2.0 artifacts into protocol messages. This is used when transmitting outbound messages as artifacts by the SP, which is borderline unheard of. (Artifacts issued by an IdP are processed by other endpoints.) The terminology is borrowed from the SAML spec (as is the actual element).

Almost always superseded by the various service elements; you should not in general ever need to consider configuring this directly.

Incoming entry point for single logout protocol messages from an IdP (acting in its role as a session authority). The terminology is borrowed from the SAML spec (as is the actual element).

Almost always superseded by the <Logout> element; you should not in general ever need to consider configuring this directly.

Incoming entry point for NameID management messages from an IdP. The terminology is borrowed from the SAML spec (as is the actual element).

Almost always superseded by the <NameIDMgmt> element; you should not in general ever need to consider configuring this directly.