Contact Us 1-800-596-4880
  1. Homepage
  2. Access Management
  3. Identity Management
  4. Managing Identity Providers
  5. Configuring SAML for SSO

  6. Configuring Single Signout

Configuring Single Signout

As Administrator, you can configure single signout if you use SAML. OpenID Connect doesn’t support single signout. Using single signout, a user or user agent can sign out of an authenticated environment and ensure that both service providers and identity servers process the signout correctly.

The following procedure shows how to perform single signout and control where the user is redirected after signing out. To redirect the user to a different page, set up the redirect in your PingFederate configuration by adding a redirect_uri query parameter to the SLO Service URL. Anypoint Platform routes the user to that page rather than to the Anypoint Platform sign-in page.

  1. In PingFederate, for example, click the SP Configuration for the Anypoint Platform.

  2. In Browser SSO > Configure Browser SSO > SAML Profiles, ensure that these fields are set:

    • IdP-Initiated SSO

    • IdP-Initiated SLO

    • SP-Initiated SLO

  3. In Protocol Settings > Configure Protocol Settings, configure a SLO Service URL with the following values:

    • Binding: POST

    • Endpoint URL

      Set PARTNER_SP_ID to the correct value: https://anypoint.mulesoft.com/accounts/logout/receive-id

  4. Redirect users to your sign-in page using the following URL:

    https://anypoint.mulesoft.com/accounts/logout/receive-id?redirect_uri=https%3A%2F%2Fanypoint.mulesoft.com%2Faccounts%2Flogin%2Fyour-domain

    Alternatively, redirect users to your portal page using the following URL:

    https://anypoint.mulesoft.com/accounts/logout/receive-id?redirect_uri=https%3A%2F%2Fanypoint.mulesoft.com%2Fapiplatform%2Fyour-domain%2F%23%2Fportals

  5. In Allowable SAML Bindings, click Redirect.

  6. In Encryption Policy, choose either none or the entire assertions, then save and exit Protocol Settings and Browser SSO.

  7. When viewing the SP Configuration for Anypoint Platform, go to Credentials > Configure Credentials.

  8. Set Signature Verification Settings > Manage Signature Verification Settings > Trust Model to Unanchored, and import the certificate from the following location:

    http://docs.mulesoft.com/downloads/access-management/anypoint-platform-slo.pem

  9. Make this certificate the active certificate.

See Also