The <md:SingleLogoutService>
element is used to configure handlers that are responsible for processing logout protocol messages from an IdP. These are protocol specific, but generally fall into two classes: requests, which tell the SP to perform a logout, and responses, which conclude a logout event initiated by the SP.
As a multi-protocol system, the SP itself is oblivious to specific logout protocols; each handler provides the implementation of a particular logout protocol.
Location
(relative path)Binding
(URI)signing
(see NativeSPSigningEncryption) (Version 2.6 and Above)encryption
(see NativeSPSigningEncryption) (Version 2.6 and Above)The SAML 2.0 logout handler implements the SAML 2.0 Browser Single Logout profile. The incoming message may be a <samlp:LogoutRequest>
or <samlp:LogoutResponse>
.
If the message is a request via a front-channel binding, then the following steps are performed. If an error occurs at any point, an effort is made to respond to the requesting IdP with a <samlp:LogoutResponse>
containing the error.
<samlp:LogoutResponse>
is returned to the requesting IdP. The status indicates whether the SP believes that the logout completely succeeded.If the message is a request via a back-channel binding, then the following steps are performed:
<samlp:LogoutResponse>
is returned to the requesting IdP. The status indicates whether the SP believes that the logout completely succeeded.If the message is a response, then the SP completes the logout operation by redirecting to the browser to a location preserved by relay state, if any, or the globalLogout
template is displayed.
The following Binding
values are supported:
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact
urn:oasis:names:tc:SAML:2.0:bindings:SOAP
The ADFS handler is only available if the |
The ADFS handler implements the Microsoft ADFS signout protocol. The following steps are performed:
globalLogout
template is displayed.The following Binding
values are supported:
http://schemas.xmlsoap.org/ws/2003/07/secext