OpenAM idpSingleLogoutInit.jsp Parameters

idpSingleLogoutInit.jsp is used to initiate SLO from the identity provider side, so call this on the identity provider not the service provider.
Example: http://www.idp.example:8080/idp/saml2/jsp/idpSingleLogoutInit.jsp

idpSingleLogoutInit.jsp Parameters
binding
(Required) Use this parameter to indicate what binding to use for the operation. For example, specifybinding=HTTP-POST to use HTTP POST binding with a self-submitting form rather than the default HTTP redirect binding. In addition to binding=HTTP-POST, you can also use binding=HTTP-Artifact.

Consent
(Optional) Use this parameter to specify a URI that is a SAML Consent Identifier.

Destination
(Optional) Use this parameter to specify a URI Reference indicating the address to which the request is sent.

Extension
(Optional) Use this parameter to specify a list of Extensions as string objects.

goto
(Optional) Use this parameter to specify where to redirect the user when the process is complete. RelayStatetakes precedence over this parameter.

logoutAll
(Optional) Use this parameter to specify that the identity provider should send single logout requests to service providers without indicating a session index.

RelayState
(Optional) Use this parameter to specify where to redirect the user when the process is complete. Make sure you URL encode the value. For example, RelayState=http%3A%2F%2Fopenam.forgerock.org takes the user tohttp://openam.forgerock.org.

Leave a Reply

Your email address will not be published. Required fields are marked *