2396663 - SSO- IDP & SP Initiated Logout

SAP Knowledge Base Article - Public

2396663 - SSO- IDP & SP Initiated Logout

Symptom

  • How does IDP Initiated Logout work
  • How does SP Initiated Logout work
  • What is the difference between SSO logout methods in Success Factors

 

Environment

  • BizX
  • BizX Platform

Resolution

IDP Initiated

•User triggers a log out on the IDP side
•The IDP triggers a SAML logout request to the SP
•The SP handles the logout request and terminates the associated session
•The SP replies with a logout response stating the logout was successfully executed.

NOTE: An “IDP-Initiated logout” section is available in Provisioning however it has never been officially supported.

SP Initiated

•User triggers a log out on the SP side
•The SP triggers a SAML logout request to the IDP
•The IDP handles the logout request and terminates the associated session
•The IDP replies with a logout response stating the logout was successfully executed.
 

Both IDP and SP initiated logout scenarios require setting up of IdP URL’s in provisioning. These URL’s will be the ones the respective systems will redirect to when triggering the logout requests and responses. Our SuccessFactors specific URL’s are provided to our customers in the metadata file.

Keywords

  • SAML
  • SAML2
  • Service Provider
  • Identity Provider
  • Single Sign On
  • SSO
, KBA , LOD-SF-PLT , Foundational Capabilities & Tools , LOD-SF-PLT-SSO , Single Sign-on , How To

Product

SAP SuccessFactors HCM Core all versions