Versions Compared

Old Version 2

changes.mady.by.user Jon Espen Ingvaldsen

Saved on

compared with

New Version 3

changes.mady.by.user Jon Espen Ingvaldsen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ADFS fully supports both IdP- and SP-initiated logout.

See: SLO: AD FS.

Azure AD

Azure AD has limited support for SLO.

While both SP- and IdP-initiated logout are reportedly supported, neither actually works. The result is that only basic SP-initiated logout is supported, which allows logout from AAD and the initiating SP.

See: SLO: Azure AD.

GSuite

GSuite does not support SAML Single logout as an IdP.

...

Keycloak fully supports SP-initiated Single logout, but to our knowledge does not support IdP-initiated logout.

See: SLO: Keycloak.

Okta

SP initiated logout is partially supported: The IdP and initiating SP's sessions are terminated, but other session participants are never notified.

...

  • The user is again redirected to Okta because Confluence has to initiate single logout (there's no way to know logout has already happened).

  • Okta now presents the user with a login form because the user already terminated the old Okta session. 

  • Upon logging in, the user is immediately signed out again.

  • ... repeat for every other session participant the user wants to log out of.

See: SLO: Okta