(Optional) Enable signed logout requests

Some IdPs require the Service Provider to sign logout requests with a certificate.

Before you begin

Role required: admin

About this task

If your IdP requires signed logout requests, use the IdP's metdata to set the following system properties.

Procedure

  1. From the property Sign LogoutRequest. Set this property to true if the Identity Provider's SingleLogoutRequest service requires signed LogoutRequest, select Yes to specify that your IdP requires a signed logout request, or select No to use unsigned logout requests.
  2. If you selected Yes to Sign LogoutRequest, then in The protocol binding for the Identity Provider's SingleLogoutRequest service. (Value can be either "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" or "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".) property, enter the one of the supported values listed in Binding attribute from the SingleLogoutService element.

    By default, the integration uses an HTTP-Redirect binding.

  3. Click Update.
  4. Install a Service Provider (SP) key store.