SAP Knowledge Base Article - Public

2396663 - SSO- IDP & SP Initiated Logout

Symptom

  • How does IDP Initiated Logout work
  • How does SP Initiated Logout work
  • What is the difference between SSO logout methods in Success Factors

Environment

  • SuccessFactors BizX Platform

Resolution

IDP Initiated Logout

  1. User triggers a log out on the IDP side
  2. The IDP triggers a SAML logout request to the SP
  3. The SP handles the logout request and terminates the associated session
  4. The SP replies with a logout response stating the logout was successfully executed.

NOTE: An “IDP-Initiated logout” section is available in Provisioning however it has never been officially supported.

SP Initiated Login

  1. User triggers a log out on the SP side
  2. The SP triggers a SAML logout request to the IDP
  3. The IDP handles the logout request and terminates the associated session
  4. The IDP replies with a logout response stating the logout was successfully executed.

NOTE: SP initiated logout requires setting up of an Identity Provider URL in provisioning. This URL must be supplied from the Identidy Provider. For information on the behaviour of SP-Initated logout please see the KBA 2674251

Keywords

SAML, SAML2, Service Provider, Identity Provider, Single Sign On, SSO , KBA , LOD-SF-PLT , Foundational Capabilities & Tools , LOD-SF-PLT-SSO , Single Sign-on , How To

Product

SAP SuccessFactors HCM Core all versions