[keycloak-dev] Issue with single sign out using salesforce SP with keycloak IDP and also customizing the logout page
John Dennis
jdennis at redhat.com
Wed Aug 24 12:30:24 EDT 2016
On 08/23/2016 06:04 PM, Rashmi Singh wrote:
> Looking more closely into this, it seems like Salesforce does not
> support SAML logout.
>
> In Salesforce, where I did the configuration for "SAML Single Sign-On
> Settings", there is the following field:
>
> Identity Provider Logout URL:
> I had specified this as:
> http://rashmiidp.cloud.com:9990/auth/realms/saml-demo/protocol/saml
>
> But, since Salesforce does not seem to support SAML logout, is it
> possible to specify some keycloak URL in this field that would logout
> the user? It seems like the URL I specify in this field gets invoked but
> then Salesforce is not really sending a SAML logout request and I just
> get an error as indicated earlier. So, I was thinking if there is some
> keycloak URL that we can specify in this field that would logout the user?
>
> If there is no such URL support, is there an alternative to solve this
> issue since Salesforce does not seem to handle the single logout?
Why do you draw the conclusion Salesforce does not support logout? That
does not seem to be indicated from this document:
http://resources.docs.salesforce.com/202/18/en-us/sfdc/pdf/salesforce_single_sign_on.pdf
What is the SP metadata you used?
--
John
More information about the keycloak-dev
mailing list