borna
Reputation: 924
SAML 2.0, Single Logout issue
I have a question regarding SAML 2.0 and SLO.
During SLO, as an Idp we're initiating the logout and sending a logout request to SP and SP is sending back a logout response. We're getting a partial logout on the IDP side and the user is getting logged out on the IDP side, however if I go back to SP site, I am still logged in.
Is this an issue on the IdP side or the SP side? By that I mean should SP terminate the session and send logout response to IDP or is the IdP's job to terminate the sessions on both side?
Thanks
Upvotes: 2
Views: 942
Answers (1)
Andrew K.
Reputation: 3341
The SP session is the responsibility of the SP. They should kill their session before returning the LogoutResponse to the IdP.
Upvotes: 4
Related Questions
- SAML 2.0 Response and the KeyInfo element
- SP initiated Single Logout receives a SAML logout request from ADFS IDP instead of SAML Logout Response
- Issue with SAML 2.0 single logout - How should IdP terminate SP sessions running in different user agents?
- I have a question on SAML session management and Single Logout Option (SLO)
- How to configure Single Logout when using Google Apps as the Identity Provider?
- WSO2 and Spring SAML single logout issue
- What configuration to do in IDP to initiate SLO and how to consume IDP initiated SLO response in SP using SAML 2.0