ADFS SingleLogoutService

Advanced Configuration

Note, this is an advanced configuration feature. Most deployments can rely on the shorthand elements.

The ADFS handler is only available if the adfs.so extension library is loaded by the SP.
Generally this handler need not be configured directly, because ADFS requires that it be co-located with the endpoint responsible for incoming assertions.


The ADFS handler implements the Microsoft ADFS signout protocol. The following steps are performed:

  1. Front and back-channel application notification loops are executed.

  2. The active session is removed from the cache.

  3. If a "wreply" parameter is provided, the browser is redirected to it.

  4. Otherwise, the globalLogout template is displayed.

The following Binding values are supported:

Attributes