Advanced OptionsEven SPs that support requesting logout may not support receiving them, and many SPs may not care about responses to their requests. In such cases, it is advantageous to simple remove the <md:SingleLogoutService> endpoints from their metadata. Unfortunately this fails due to the IdP's requirement to try and issue a response in most cases, and results in an error. A new option has been added in V4.2+, a property named idp.logout.assumeAsync, to allow requests to be treated as though they carried the <aslo:Asynchronous> extension element, which tells the IdP that no response is needed. This allows the removal of endpoints from SP metadata to be an effective means of mitigating such problems with SPs by allowing inbound logout to the IdP while preventing outbound logout. A bean is also exposed in V4.2+ to allow message level encryption of <NameID> values to be suppressed based on Format . This is primarily suported to improve efficiency, given that many SPs rely on the urn:oasis:names:tc:SAML:2.0:nameid-format:transient format, which isn't all that important to encrypt. A typical bean definition in conf/global.xml: |