SAML 2.0 Auth Scheme Properties Dialog--SLO Tab

The SLO tab is where you configure Single Logout (SLO) properties for the SAML Service Provider being protected by the authentication scheme.

Bindings Group Box

HTTP-Redirect

Specifies whether the IdP-initiated Single Logout Profile over HTTP is supported at the Service Provider.

Request Expiration Group Box

Validity Duration

Specifies the number of seconds for which a SLO request is valid.

Note: This property is different from the one specified in the Validity Duration field on the SSO tab.

Other Controls

SLO Location URL

Required. Specifies the URL of the single logout service at the Identity Provider. The default URL is:

http://idp_server:port/affwebservices/public/saml2slo

idp_server:port

Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.

SLO Response Location URL

Optional. Specifies the URL of the single logout service at the Identity Provider. A separate Response Location URL is for configurations that have one service for single logout requests and another service for single logout responses.

For SiteMinder, this value is always the same as the SLO Location URL:

http://idp_fws_server:port/affwebservices/public/saml2slo

idp_server:port

Identifies the web server and port hosting the Web Agent Option Pack or SPS federation gateway.

For third-party vendors, the URL will represent the service handling single logout responses.

SLO Confirm URL

Specifies the URL to which the Identity Provider or Service Provider redirects the user when the single logout request is complete. This value must be a local resource and cannot be a resource in a federated partner's domain. For example, if the local domain is ca.com, the SLO confirm page cannot be in the example.com domain.

Relay State Overrides SLO Confirm URL

(Optional) Replaces the URL in the SLO Confirm URL field with the value of the Relay State query parameter included with the single logout request to the SLO service. This check box gives you more control over the single logout confirmation target because using the Relay State query parameter lets you dynamically define the confirmation URL for SLO requests.
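The SLO Confirm URL must be a local resource, and the Relay State override lets each request supply that URL, so the same locality check is worth applying to the Relay State value. The following is an added example, not SiteMinder code: the function names, the sample URLs, and the policy of falling back to the configured URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_local_resource(url: str, local_domain: str) -> bool:
    """True only for an absolute http(s) URL whose host is local_domain
    or a subdomain of it."""
    # Backslashes, spaces and control characters are parsed differently by
    # browsers and servers, so reject them outright.
    if any(ch == "\\" or ord(ch) < 0x21 for ch in url):
        return False
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    # Scheme-relative ("//host/path") and relative values have no scheme.
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False
    domain = local_domain.lower().rstrip(".")
    # Compare on a label boundary: "notca.com" must not match "ca.com".
    return host == domain or host.endswith("." + domain)


def resolve_confirm_target(configured_url, relay_state, override_enabled,
                           local_domain):
    """Pick the post-logout redirect target.

    Assumed policy (not documented product behaviour): a Relay State value
    is honoured only when the override is enabled and the value is local;
    otherwise the configured SLO Confirm URL is used.
    """
    if not is_local_resource(configured_url, local_domain):
        raise ValueError("SLO Confirm URL must be a local resource")
    if (override_enabled and relay_state
            and is_local_resource(relay_state, local_domain)):
        return relay_state
    return configured_url


if __name__ == "__main__":
    configured = "https://www.ca.com/logout/done.html"  # constructed sample
    for rs in ("https://sso.ca.com/bye.html",            # local subdomain
               "https://ca.com@example.com/bye.html",    # userinfo trick
               "//example.com/bye.html"):                # scheme-relative
        print(rs, "->", resolve_confirm_target(configured, rs, True, "ca.com"))
```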