SingleLogoutService

Advanced Configuration

Note, this is an advanced configuration feature. Most deployments can rely on the <Logout> shorthand element.

The <md:SingleLogoutService> element is used to configure handlers that are responsible for processing logout protocol messages from an IdP. These are protocol specific, but generally fall into two classes: requests, which tell the SP to perform a logout, and responses, which conclude a logout event initiated by the SP.

As a multi-protocol system, the SP itself is oblivious to specific logout protocols; each handler provides the implementation of a particular logout protocol.

Protocols

Handler implementations exist for these protocols.  Precisely which handler is defined the the Binding attribute.

Common Attributes

The following may be specified for all Single Logout protocols and bindings

Name

Type

Req?

Default

Description

Locationrelative pathY

The location of the handler (when combined with the base handlerURL). This is the location to which an IdP sends messages using whatever protocol and binding it shares with the SP. Each combination of SLO protocol and binding is installed at a unique location to improve efficiency.

BindingURIY

Identifies the protocol binding supported by the handler. Bindings describe how the message is packaged by the IdP (or by the browser in some cases) for consumption by the handler.

notifyWithoutSession 3.1

Boolean
falseWhen true, the front-channel notification feature is enabled even when an incoming SAML LogoutRequest message is not accompanied by the session cookie for the active session
signing

one of

conditional, true, false, front, back



See Signing&Encryption. Controls outbound signing of XML messages and content subject to applicability to the protocol involved.
encryption

See Signing&Encryption. Controls outbound encryption of XML messages and content subject to applicability to the protocol involved.