[security-dev] SP-initiated Single Log Out

Pedro Igor Silva psilva at redhat.com
Wed Dec 3 20:03:11 EST 2014

Using front-channel SLO you need browser redirects. So you must send ?GLO=true to your SP from a browser.

But, if you are using back-channel SLO, I think you can invoke the IdP once with a ?GLO=true (using some http library) and it will invoke each SP to invalidate the session for the user. In this case, you need to pass the JSESSIONID from IdP, so it can restore user session and know the participants (SPs).

There is no API for that.

----- Original Message -----
From: "Adam Dong" <adamdong at vidder.com>
To: security-dev at lists.jboss.org
Sent: Wednesday, December 3, 2014 10:26:37 PM
Subject: [security-dev] SP-initiated Single Log Out


If I'd like to, from SP-side. initiate the SLO (single log out) programmatically (suppose it is the code behind a GUI "Logout" button), how to do that (which class and which method to call) ?



security-dev mailing list
security-dev at lists.jboss.org

More information about the security-dev mailing list