Advanced Configuration
Indicated by type="ADFS", this LogoutInitiator supports Microsoft ADFS "signout" requests. If the user's session was initiated with a protocol other than ADFS, then the handler ignores the request. Otherwise, the initiating entityID is used to check for metadata with an <md:IDPSSODescriptor> role supporting ADFS and a compatible <md:SingleLogoutService> endpoint. The absence of either causes a warning to be logged and the handler otherwise ignores the request.
A "supporting" IdP's role element has a protocolSupportEnumeration attribute containing the value "http://schemas.xmlsoap.org/ws/2003/07/secext", with an accompanying <md:SingleLogoutService> with a Binding of "http://schemas.xmlsoap.org/ws/2003/07/secext".
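The two metadata conditions above can be checked ahead of time, so that a missing endpoint is found before it shows up only as a logged warning. This is an added example, not part of the Shibboleth documentation or code; the function names and the sample entities are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ADFS_URI = "http://schemas.xmlsoap.org/ws/2003/07/secext"

def adfs_logout_location(metadata_xml, entity_id):
    """Return the Location of a compatible SingleLogoutService, or None."""
    # For metadata from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(metadata_xml)
    for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        if entity.get("entityID") != entity_id:
            continue
        for role in entity.findall(f"{{{MD_NS}}}IDPSSODescriptor"):
            # protocolSupportEnumeration is a whitespace-separated URI list.
            protocols = role.get("protocolSupportEnumeration", "").split()
            if ADFS_URI not in protocols:
                continue  # role does not support ADFS
            for slo in role.findall(f"{{{MD_NS}}}SingleLogoutService"):
                if slo.get("Binding") == ADFS_URI:
                    return slo.get("Location")
    return None

def audit(metadata_xml, entity_ids):
    """Map each entityID to its ADFS logout Location (None = no propagation)."""
    return {e: adfs_logout_location(metadata_xml, e) for e in entity_ids}

# Constructed sample metadata, trimmed to the elements the check reads.
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD_NS}">
 <md:EntityDescriptor entityID="https://idp-ok.example.org">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2} {ADFS_URI}">
   <md:SingleLogoutService Binding="{ADFS_URI}" Location="https://idp-ok.example.org/adfs/ls/"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp-no-slo.example.org">
  <md:IDPSSODescriptor protocolSupportEnumeration="{ADFS_URI}">
   <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp-no-slo.example.org/slo"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp-saml-only.example.org">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2}">
   <md:SingleLogoutService Binding="{ADFS_URI}" Location="https://idp-saml-only.example.org/adfs/ls/"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

if __name__ == "__main__":
    ids = [e.get("entityID") for e in ET.fromstring(SAMPLE)]
    for entity_id, location in audit(SAMPLE, ids).items():
        print(entity_id, "->", location or "no compatible ADFS logout endpoint")
```

An entity that maps to None is one for which the handler would log the warning and send no signout request to the IdP.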
If a "return" query string parameter is provided, it will be passed to the home realm STS in a "wreply" parameter.
Whether or not the logout request is successfully issued, the user's session will be removed if at all possible.
Attributes
The following attributes may be specified for all types of LogoutInitiator:
Name | Type | Default | Description |
---|---|---|---|
type | string | required | Plugin type name. |
Location | relative path | | The location of the SessionInitiator (when combined with the base handlerURL). |
relayState | string | | Controls how information associated with the session request, primarily the original resource accessed, is preserved for the completion of the authentication process. Overrides the like-named attribute in the <Sessions> element. |
signing | one of | | See Signing&Encryption. Controls outbound signing of XML messages and content subject to applicability to the protocol involved. |
encryption | | | See Signing&Encryption. Controls outbound encryption of XML messages and content subject to applicability to the protocol involved. |