SAML 2.0 Authentication Scheme--SLO Settings

The SLO settings let you configure how the Service Provider handles single logout (SLO).
casso127
HID_saml2-auth-slo
The SLO settings let you configure how the Service Provider handles single logout (SLO).
Bindings
HTTP-Redirect
Specifies whether the IdP-initiated Single Logout Profile over HTTP is supported at the Service Provider.
Request Expiration
Validity Duration in Seconds
Specifies the number of seconds for which a single logout request is valid.
SLO Location URL
Required. Specifies the URL of the single logout service at the Identity Provider. The default URL is:
http://
idp_server:port
/affwebservices/public/saml2slo
casso127
idp_server:port
Identifies the web server and port hosting the Web Agent Option Pack or
CA Access Gateway
.
SLO Response Location URL
(Optional) Specifies the URL of the single logout service at the Identity Provider. Use the Response Location URL for a configuration where there is one service for single logout requests and one service for single logout responses.
For
CA Single Sign-On
, this value is always the same as the SLO Location URL:
http://
idp_fws_server:port
/affwebservices/public/saml2slo
casso127
idp_server:port
Identifies the web server and port hosting the Web Agent Option Pack or
CA Access Gateway
.
For third-party vendors, the URL represents the service handling single logout responses.
SLO Confirm URL
Specifies the URL that the Identity Provider or Service Provider redirects the user when the single logout request is complete. This value must be a local resource and cannot be a resource in a federated partner domain. For example, if the local domain is ca.com, the SLO confirm page cannot be in the example.com domain.
casso127
Relay State Overrides Confirm URL
(Optional) Replaces the URL in the SLO Confirm URL field with the value of the Relay State query parameter in the single logout request. This option gives you more control over the single logout confirmation target. You have more control because the Relay State query parameter lets you dynamically define the confirmation URL for SLO requests.