FederationFederation Security Services GuideSAML 2.0 Service Provider Reference › SAML Service Provider Dialog--SLO Tab

Previous Topic: SAML Service Provider Attribute Editor Dialog--Advanced Tab

Next Topic: SAML Service Provider Dialog--IPD Tab

SAML Service Provider Dialog--SLO Tab

The SLO tab is where you configure Single Logout (SLO) properties of the SAML Service Provider.

HTTP-Redirect

Specifies whether the IdP-initiated Single Logout Profile over HTTP is supported at the Service Provider.

Request Expiration Group Box

Validity Duration

Specifies the number of seconds for which a SLO request is valid.

Note: This property applies only to SLO messages -- it is not the same as that specified in the Validity Duration field on the SSO tab.

URLs Group Box

SLO Location URL

(Required) Specifies the URL of the single logout service at the Service Provider. The default URL is:

http://sp_server:port/affwebservices/public/saml2slo

sp_server:port

Specifies the server and port number at the Service Provider that is hosting the Web Agent Option Pack or the SPS federation gateway.

SLO Response Location URL

(Optional) Specifies the URL of the single logout service at the Service Provider. The purpose of having a Response Location URL is for a configuration where there is one service for single logout requests and one service for single logout responses.

For SiteMinder, this value is always the same as the SLO Location URL:

http://sp_fws_server:port/affwebservices/public/saml2slo

where sp_fws_server:port is the server at the Service Provider where the Federation Web Services application is installed.

For third-party vendors, the URL represents the service handling single logout responses.

SLO Confirm URL

Specifies the URL that the Identity Provider or Service Provider redirects the user when the single logout request is complete. This value needs to be a local resource and not a resource in a federated partner's domain. For example, if the local domain is acme.com, the SLO confirm page cannot be in the example.com domain.

Relay State Overrides SLO Confirm URL

(Optional) Replaces the URL in the SLO Confirm URL field with the value of the Relay State query parameter included with the single logout request to the SLO service. This check box gives you more control over the single logout confirmation target because using the Relay State query parameter lets you dynamically define the confirmation URL for SLO requests.