2396658 - [SSO] SP Initiated Logout

• How SP Initiated Logout works?
• How do I setup SP Initiated Logout?

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

SAP SuccessFactors HXM Suite

How SP Initiated Logout works?

In SP Initiated Logout method, the logout of the session is started in the Service Provider and this is replicated in the Identity Provider, what means that the session will be finished on the Identity Provider too. The workflow is the following:

1. User triggers a log out on the SP side;
2. The SP triggers a SAML logout request to the IDP;
3. The IDP handles the logout request and terminates the associated session;
4. The IDP replies with a logout response stating the logout was successfully executed.

SP Initiated Logout Setup

The setup of SP Initiated Logout is configured in Provisioning. This way, you need to contact your Implementation Partner or Customer Support to request the change. In order to have SP initiated logout available, we need to know values for:

• SP sign LogoutRequest:
  If you want to sign the logout request (customer decides);
• SP validate LogoutResponse:
  If you want the SP to validate the logout response from IdP (customer decides);
• Global Logout Service URL (LogoutRequest destination):
  The customer URL for the logout endpoint. (Provided by customer).

2396645 - [SSO] SP Initiated Login

SAML, SAML2, Service Provider,Identity Provider, Single Sign On , KBA , LOD-SF-PLT-SAM , SAML SSO First Time Setup , LOD-SF-PLT-SSO , Single Sign-on , How To