SAML Service Provider--SLO Settings

The SLO section is where you configure Single Logout (SLO) binding for partnership communication.
casso1283
The SLO section is where you configure Single Logout (SLO) binding for partnership communication.
  • Reuse Session Index
    Indicates whether
    SiteMinder
    sends the same session index in the assertion for the same partner in a single browser session. A user can federate multiple times with the same partner using the same browser window. Selecting this option instructs the IdP to send the same session index in each assertion. If you disable this option,
    SiteMinder
    generates a new session index every time single sign-on occurs.
    You can enable this option to help ensure single logout with third-party partners that do not honor the session index passed in newer assertions.
    This setting is relevant only if single logout is enabled.
  • Bindings
    • HTTP-Redirect
      Specifies whether the IdP-initiated single logout profile over HTTP is supported at the Service Provider.
Request Expiration
Validity Duration Second(s)
Specifies the number of seconds for which a SLO request is valid.
This property applies only to SLO messages. This setting is not the same as the Validity Duration field for the SSO settings.
URLs
SLO Location URL
(Required) Specifies the URL of the single logout service at the Service Provider. The default URL is:
http://
sp_server:port
/affwebservices/public/saml2slo
sp_server:port
Specifies the server and port number at the Service Provider hosting the Web Agent Option Pack or the federation gateway.
  • SLO Confirm URL
    Specifies the URL that the Identity Provider or Service Provider redirects the user when the single logout request is complete. This value must be a local resource and not a resource in a federated partner domain. For example, if the local domain is acme.com, the SLO confirm page cannot be in the example.com domain.
  • SLO Response Location URL
    (Optional) Specifies the URL of the single logout service at the Service Provider. A Response Location URL is useful for a configuration where there is one service for single logout requests and one service for single logout responses.
    For
    SiteMinder
    , this value is always the same as the SLO Location URL:
    http://
    sp_fws_server:port
    /affwebservices/public/saml2slo
    sp_fws_server:port
    Server at the Service Provider where the Federation Web Services application is installed.
    For third-party vendors, the URL represents the service handling single logout responses.
  • Relay State Overrides SLO Confirm URL
    (Optional) Replaces the URL in the SLO Confirm URL field with the value of the Relay State query parameter in the single logout request. The Relay State parameter gives you more control over the single logout confirmation target because you can dynamically define the confirmation URL for SLO requests.