14.5.8. Single Logout
Table of Contents
Even though the SAML v2.0 specification has support for Global Logout, you have to use it very very wisely. Just remember that you need to keep the participants to a low number (say upto 5 participants with one IDP).
Global Logout : The user initiates GLO at one service provider which will log out the user at the IDP and all the service providers.
Local Logout : The user logs out of one service provider only. The session at the IDP and other service providers is intact.
14.5.8.1. Configuring the GLO
The service provider url should be appended with "?GLO=true"
Basically, in the service provider page, have a url that has the query parameter.
Assume, your service provider is http://localhost:8080/sales/, then the url for the global log out would be http://localhost:8080/sales/?GLO=true