'Does SAML SLO (Single Logout) logout from all SP (Service Provider)?
Our javaspring application (sp) allows SSO integration for the clients. We have planned to introduce SLO (Single Logout) as part of the security audit requirement.
I have a doubt, if our application request for SLO to idp then the particular customer's all other open app's get logged out ?
We don't want to make customer's other application get logged out due to our application.
Kindly advise. If the SAML SLO request will only impact the only the service provide which requests the logout or all the service provider which customer SSO logged in with?
Solution 1:[1]
Typically single-logout (SLO) will cascade from one SP to the IdP back to all related child sessions at the other SPs. Depending on what IdP you use, you may be able to control that / be more fine-grained but you have to be careful you're not opening yourself up to any attacks (on orphaned sessions).
As per SAML spec the IdP has to inform all other session participants.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | JaredMcAteer |