I want to enable SLO for our service. I set up the SLO endpoint to listen for logout requests from the IdPs. Problem is when we get a request, there's no UserID attached like there is for the assertion consumer service. We want to invalidate the token for the user that is being logged out, but if we have no UserID, we don't know which user is being logged out. How would we figure this out? Or is it perhaps that I don't have a fundamental understanding of the SLO process?
|