SLO functionality SAML2 integration


Article ID: 208336


Updated On:





We're running Federation Services and we'd like to know if we can
implement, in just one configuration, the SLO for all the Federation
applications and OIDC and other protocols.

Is there a way to achieve this?




Policy Server 12.8SP5 on RedHat 8




First, sessions in SiteMinder are maintained in SMSESSION cookies,
which are set in the browser; optionally, sessions can also be
maintained in a Session Store.

So for the same session, if the session is deleted from the Session
Store, the SMSESSION cookie is no longer usable.

Because different Federations bring different sessions, you need to
configure SLO on each of them, and you may want to make sure that the
SMSESSION cookie gets deleted too.

For Federation:

  SSO and SLO Dialog (SAML 2.0 SP)

    To see the SLO settings, enable the session server from the Policy
    Server Management Console.

To remove the SMSESSION cookie:

  Comprehensive Log Out

Finally, as of February 11th, 2021, according to the following KD,
there is no logout functionality for OIDC:

  If there is SLO enabled, and the SMSESSION user logs out - are the associated OIDC session entries also deleted?

So you cannot set a single SLO Federation configuration that covers
all your partnerships at once.