ComponentSpace


Inform identity provider about logout


FlorianM
New Member (2 reputation)

Group: Forum Members
Posts: 1, Visits: 2
Hello,
I have a question about SLO.
Is there a way to inform an identity provider (which does not support SLO) about the logout of a user on a service provider (which does support SLO)?

The problem is this:
The service provider supports SLO but the identity provider does not. (The identity provider can send an SLO command to the service provider, but the service provider cannot send one to the identity provider because the configuration for SingleLogoutService is missing.)

If a user logs on via the identity provider, logs off from the service provider and finally logs off from the identity provider, the identity provider starts SLO because it thinks it has to log off this user from the service provider.

So I would like to know if there is a way to tell the identity provider to ignore this user regarding SLO?

ComponentSpace
ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The only logout mechanism included in the SAML specification is the exchange of SAML logout messages (i.e. SLO).

If this isn't possible, your only other option is some proprietary solution that doesn't involve SAML logout messages (e.g. redirecting to a logout endpoint).

If the identity provider supports IdP-initiated SLO but not SP-initiated SLO, you could redirect to some endpoint in the IdP which then initiates the SLO. This assumes that the IdP makes such an endpoint available.




Regards
ComponentSpace Development
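
The decision described in the reply above, sketched as an added example that is not part of the thread and is not ComponentSpace code: after ending its local session, the SP sends a SAML LogoutRequest only if the IdP metadata publishes a SingleLogoutService, and otherwise falls back to a configured non-SAML logout URL. The function name, the `fallback_logout_url` setting, the host check and the sample metadata are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SAML_BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"
FRONT_CHANNEL = {SAML_BINDINGS + "HTTP-Redirect", SAML_BINDINGS + "HTTP-POST"}

# Constructed sample metadata (idp.example.test is a placeholder host).
IDP_WITHOUT_SLO = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="{SAML_BINDINGS}HTTP-Redirect" Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
IDP_WITH_SLO = IDP_WITHOUT_SLO.replace(
    "</md:IDPSSODescriptor>",
    f'<md:SingleLogoutService Binding="{SAML_BINDINGS}HTTP-Redirect" '
    'Location="https://idp.example.test/slo"/></md:IDPSSODescriptor>')


def plan_logout(metadata_xml, fallback_logout_url=None):
    """Decide what the SP does after ending its own local session.

    Returns (action, url): a SAML LogoutRequest when the IdP publishes a
    SingleLogoutService, else a redirect to the IdP's non-SAML logout page,
    else a purely local logout.
    """
    # Assumes metadata_xml is the trusted, locally configured metadata copy.
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    for slo in idp.findall("md:SingleLogoutService", NS):
        if slo.get("Binding") in FRONT_CHANNEL and slo.get("Location"):
            return ("saml_logout_request", slo.get("Location"))
    # Policy of this example: only redirect to an https URL on a host that
    # already serves the IdP's SSO endpoint, so the setting cannot be
    # turned into an open redirect.
    sso_hosts = {urlsplit(s.get("Location", "")).hostname
                 for s in idp.findall("md:SingleSignOnService", NS)}
    sso_hosts.discard(None)
    if fallback_logout_url:
        target = urlsplit(fallback_logout_url)
        if target.scheme == "https" and target.hostname in sso_hosts:
            return ("proprietary_redirect", fallback_logout_url)
    return ("local_only", None)
```

A `local_only` result corresponds to the situation in the question: the IdP still lists the SP as a session participant and will include it in a later IdP-initiated SLO.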