Single Logout (SLO)
SAML 2.0 Single Logout Profile terminates sessions across all federated participants - the IdP and every SP with an active session for the user (saml-profiles §4.4). When a user logs out at one participant, LogoutRequest messages are propagated to all other participants to ensure global session termination. SLO uses either front-channel (HTTP-Redirect/POST via browser) or back-channel (SOAP direct communication) bindings.
Single Logout (SLO)
SAML 2.0 Single Logout Profile terminates sessions across all federated participants - the IdP and every SP with an active session for the user (saml-profiles §4.4). When a user logs out at one participant, LogoutRequest messages are propagated to all other participants to ensure global session termination. SLO uses either front-channel (HTTP-Redirect/POST via browser) or back-channel (SOAP direct communication) bindings.
Sequence Diagram
Click any step for details
Step-by-Step Breakdown
Token Inspector
Specs for this flow
Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.