The single logout protocol (SLO) results in the simultaneous end of all user sessions for the browser that initiated the logout. Configuring single logout helps ensure that no sessions are left open for unauthorized users to gain access to resources at the Service Provider.
Important! To see the SLO settings, enable the session store using the Policy Server Management Console. For instructions about using the Management Console, see the Policy Server Administration Guide for instructions.
Configure single logout at Idp1.
Follow these steps:
The Partnerships windows displays.
Deactivate a partnership before editing it.
The partnership wizard opens.
HTTP-Redirect
http://idp1.example.com:9090/idpsample/SLOConfirm.html
This link is the confirmation page at the site that initiated single logout, in this case, IdP1. If single logout completes successfully, the user is redirected to this page.
http://sp1.demo.com:9091/affwebservices/public/saml2slo
This link indicates that the single logout request is sent to the remote SP.
You return to the Partnerships window.
Single logout is now added to the configuration at IdP1.
Configure single logout at SP1.
To configure single logout at the SP
The Partnerships window displays.
Deactivate a partnership before editing it.
The dialog for the first step of the Partnership wizard opens.
HTTP-Redirect
http://sp1.demo.com:9091/spsample/SLOConfirm.html
This URL is the single logout confirmation page at the site that initiated the logout.
http://idp1.example.com:9090/affwebservices/public/saml2slo
This URL is where the single logout request is sent.
You return to the Partnerships window.
Single logout is now configured at the SP.
After you configure single logout, test it. For this test, single logout is initiated at SP1.
Initiating single logout from the SP requires that you have two web pages to initiate and confirm single logout.
<a href="http://idp1.example.com:9090/affwebservices/public/
saml2slo>Log Me Out</a>
<p>You have successfully logged out</p>
Copy both these pages to your web server root directory under the subfolder /spsample.
Note: Complete an SSO transaction so you can test SLO.
Follow these steps:
If single sign-on is successful, the welcome page is displayed in the browser.
If successful, you are redirected to the confirmation page that displays the message:
You have successfully logged out.
Copyright © 2014 CA.
All rights reserved.
|
|