Version Info
SimpleSAMLphp: v2.3.2
OIDC Module: v5.1.0
Summary
I am using SimpleSAMLphp as an IdP with the OIDC module (acting as an OP). Several clients (SPs/RPs) are connected to this IdP, some via SAML and others via OIDC. Additionally, in some cases, the IdP also acts as an SP and authenticates users through another remote IdP.
Problem
When logging out via OIDC, the IdP completes the local logout process and redirects to the specified return URL without logging out the associated SPs/RPs or any remote IdP that may have been involved.
Here is the OIDC logout URL I call:
https://myidp.tld/ssp/module.php/oidc/logout.php?id_token_hint=XXX&post_logout_redirect_uri=XXX
However, when logging out using SAML Single Logout (SLO), the logout process ensures that all SPs are logged out, including any possible remote IdP, before redirecting to the calling party.
Here is the SAML SLO URL I call:
https://myidp.tld/ssp/saml2/idp/SingleLogoutService.php?ReturnTo=XXX
Expected Behavior
Shouldn't the OIDC logout process also trigger the SAML SLO, ensuring that the session is terminated for all clients, both OIDC and SAML?
Additional Information
Please let me know if this behavior is intended or if additional configuration is needed to enable SLO for OIDC clients. Any guidance on ensuring a consistent logout experience across both protocols would be greatly appreciated.