Forums, Documentation & Knowledge Base - ComponentSpace

IdP-initiated Single Logout


https://componentspace.com/forums/Topic23.aspx

By ComponentSpace - 2/20/2014

In IdP-initiated single logout (SLO), the user starts at the IdP site, and clicks a link to logout out of the IdP site and every SP site to which there is an SSO session.
The following diagram outlines the IdP-initiated SLO flow.

https://www.componentspace.com/forums/uploads/images/4bdba48a-91d6-429f-8f7c-397e.png

  1. The user has already SSO’d to one or more service providers.
  2. The user clicks a link at the IdP site to initiate SLO.
  3. The user is logged out of the IdP site.
  4. A logout request is sent to the SP site.
  5. The user is logged out of the SP site.
  6. A logout response is sent to the IdP site.

Note that steps 4 through 6 are repeated for each service provider.