(Optional) Enable signed logout requests

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Some IdPs require the Service Provider to sign logout requests with a certificate.

    Avant de commencer

    Role required: sso_config_admin, business_rule_admin, script_include_admin

    Pourquoi et quand exécuter cette tâche

    If your IdP requires signed logout requests, use the IdP's metdata to set the following system properties.

    Procédure

    1. In the Advanced tab, from the property Sign LogoutRequest. Set this property to true if the Identity Provider's SingleLogoutRequest service requires signed LogoutRequest, select Yes to specify that your IdP requires a signed logout request, or select No to use unsigned logout requests.
    2. If you selected Yes to Sign LogoutRequest, then in The protocol binding for the Identity Provider's SingleLogoutRequest service. (Value can be either "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" or "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".) property, enter the one of the supported values listed in Binding attribute from the SingleLogoutService element.

      By default, the integration uses an HTTP-Redirect binding.

    3. Click Update.
    4. Install a Service Provider (SP) key store.