There is a need to know how to configure Service Provider Initiated Logout with Corporate Identity Provider.
In this scenario, the SAP Cloud Platform Identity Authentication Service has to be configured as an identity provider proxy. The corporate identity provider acts as an authenticating IdP to the application.
The logout procedure is triggered by the user at the service provider and results in a logout request sent to the identity provider proxy. Consequently, the identity provider proxy processes the request and destroys any local session information about the user. The identity provider proxy then checks whether there are other service providers in the single sign-on (SSO) session and sends logout requests to all of them. In return, the service providers send logout responses to the identity provider proxy informing it that the logout process is successful. Finally, the identity provider proxy sends a logout response to the original requesting service provider or the service provider of the application.
As an additional option, the tenant administrator of Identity Authentication can configure a URL that is sent in the SAML 2.0 Logout Response as an extension. The URL can be used to redirect the users after logging out of the application. The URL is specific for each corporate identity provider with which Identity Authentication has established a trust.
SAP Cloud Platform Identity Authentication Service
Logout, log out, Corporate Identity Provider, Corporate Idp, IAS, SCI, SAP Cloud Identity, SAP Cloud Identity Authentication Service, SAP Cloud Identity Service, SAP Cloud Identity, Service Provider, SP, SP Initiated, Logout URL, SAP Hana Cloud Platform Identity Authentication Service , KBA , BC-IAM-IDS , Identity Authentication Service , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.