Search the Aria Knowledgebase for
User Documentation, APIs, SDKs, and more!

 

Home > User Documentation > Configuration > Single Sign-On (SSO) > Single Logout Considerations > Local Session Logout vs. IdP Session Logout

Local Session Logout vs. IdP Session Logout

Overview

When a user manually logs out of Aria, or if Aria enforces a session time-out, this is considered a local session logout. When a user manually logs out using the IdP portal, or if the IdP enforces a session-time out, this is considered a IdP session logout. 

SLO Sequence

Aria and third-party IdPs communicate with each other by using SAML 2.0 LogoutRequest and LogoutResponse messages. These messages can be transferred using either front-channel binding (HTTP-Redirect) or back-channel binding (SOAP). 

A standard SLO sequence depends on whether the logout request is initiated by Aria, or by the IdP. 

Logout Request Initiated by Aria

If the logout request was initiated by Aria:

  1.  Aria sends a logout request to the IdP.
  2.  The IdP destroys the user’s session.
  3. The IdP sends a logout response to the Aria which then destroys the session.

Logout Request Initiated by IDP

If the logout request was initiated by the IdP:

  1. The IdP sends a logout request to Aria, as well as to any other service providers to which the user is authenticated.
  2. Aria destroys the user’s session and provides a logout response indicating whether the logout was successful.

 

 

You must to post a comment.
Last modified
20:50, 20 Jul 2015

Tags

Classifications

This page has no classifications.