IDP logout customizations

Cantor, Scott cantor.2 at
Mon Apr 8 09:52:15 EDT 2019

On 4/8/19, 9:44 AM, "users on behalf of Manuel Haim" <users-bounces at on behalf of haim at> wrote:

> On logout, the first endpoint within the metadata is contacted. If this
> is of type "Artifact", the SP will ask the IdP for the SAML message.
> Thus the IdP must have ArtifactResolution enabled

If the IdP itself doesn't support artifacts it shouldn't choose that binding, so the order isn't important, it would simply skip that endpoint.

-- Scott

More information about the users mailing list