Federation Guides › Legacy Federation Guide › Configure a WS-Federation Account Partner › Configure Signout for WS-Federation

Configure Signout for WS-Federation

Signout is the process of a user being logged out of all sessions for the browser that initiated the logout. Signout does not necessarily end all sessions for a user. For example, if the user has two browsers open, that user can establish two independent sessions. Only the session for the browser that initiates the signout is terminated at all federated sites for that session. The session in the other browser is still active.

A user can initiate a signout request from an Account Partner or a Resource Partner. The request is triggered by clicking a link pointing to the appropriate servlet.

Note: The system only supports the WS-Federation Passive Request for sign out.

By configuring the settings in the Signout section, you are informing the Account Partner how the Resource Partner supports signout.

If you enable signout, you must also:

• Enable the session store at the Account Partner using the Policy Server Management Console.

  For information about the session store, see the Policy Server Administration Guide.

• Sign-out requires a valid SiteMinder persistent session. which is established during Single Sign-on. Configure persistent sessions for the realm with the protected resources, including the authentication URL, at the Resource Partner.

  For information about realms, see the Policy Server Configuration Guide.

To configure signout

1. Navigate to the SAML Profiles page for the Resource Partner you want to configure.
2. In the Signout section, select Enable Signout.
3. Enter values for the following URL fields:
   • Signout Cleanup URL
   • Signout Confirm URL

   These fields must each have an entry that starts with https:// or http://.

   Click Help for field descriptions.

4. Click OK.