Contact Us 1-800-596-4880

Configure Single Logout

As Administrator, you can configure single logout if you use SAML. OpenID Connect does not support single logout. Using single logout, a user or user agent can log out of an authenticated environment and ensure that both service providers and identity servers process the logout correctly.

This procedure shows how to perform single logout and how to control where the user is redirected after signing out. Redirecting the user to a different page is often preferred. You can configure such a redirect in your PingFederate configuration. You can add a redirect_uri query parameter to the SLO Service URL, and Anypoint Platform routes the user there rather than to the Anypoint Platform sign-in page.

  1. In PingFederate, for example, click the SP Configuration for the Anypoint Platform.

  2. In Browser SSO > Configure Browser SSO > SAML Profiles, ensure that these fields are set:

    • IdP-Initiated SSO

    • IdP-Initiated SLO

    • SP-Initiated SLO

  3. In Protocol Settings > Configure Protocol Settings, configure a SLO Service URL with the following values:

    • Binding: POST

    • Endpoint URL

      Set PARTNER_SP_ID to the correct value:

  4. Redirect users to your sign-in page using the following URL:

    Alternatively, redirect users to your portal page using the following URL:
  5. In Allowable SAML Bindings, click Redirect.

  6. In Encryption Policy, choose either none or the entire assertions, then save and exit Protocol Settings and Browser SSO.

  7. When viewing the SP Configuration for Anypoint Platform, go to Credentials > Configure Credentials.

  8. Set Signature Verification Settings > Manage Signature Verification Settings > Trust Model to Unanchored, and import the certificate from the following location:

  9. Make this certificate the active certificate.