Skip to main content


  • This operation allows to generate a SAML logout request to be sent to a IdP supporting SAML Global Logout, including Soffid IdP.

  • <console-domain>/webservice/federation/rest/generate-saml-logout-request

  • POST

  • Accept = “application/json”

  • Content-Type = “application/json”

  • Use an account with federation:serviceProvider permission

Request (URL parameter)
  • user → Id of the user to log out

  • force → set to false if you want to give a chance to the end user to abort logout process. Set to true otherwise.

  • backChannel → set to true if you want to send the logout process via SOAP to the identity provider. Set to false if you want to send the logout process using a Redirect or HTML Form. The later allows interaction between the end user and the identity provider.

  • serviceProviderName → service provider that notifies user logout

  • identityProvider → identity provider to send the logout request

Response (JSON)
  • parameters → parameters to send to identity provider.

    • RelayState → identifier of the request id

    • SAMLRequest → encoded SAML request

  • method → method to use: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect or urn:oasis:names:tc:SAML:2.0:bindings:SOAP

  • url → url where to send the request


Sample request

    "user": "my-id",
    "force": true,
    "backChannel": false,

Sample response

    "parameters": {
        "SAMLResponse": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ...."

Sample redirect method made by service provider (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect method)

HTTP/1.1 302 Found

Sample html form made by service provider (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST method)

    <body onLoad="document.forms[0].submit();">
        <form action="">
            <input type="hidden" name="RelayState" value="_523866242f943b4c63234dc8942ffc2f08cea03aa129a4e2"/>
            <input type="hidden" name="SAMLRequest" value="PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJ..."/>

Sample SOAP request ( urn:oasis:names:tc:SAML:2.0:bindings:SOAP method ). Service provader decodes SAMLRequest, and includes it in a SOAP message.

POST /SAML/SLO/SoapBinding HTTP/1.1
Content-Type: text/xml
Content-Length: ....
<SOAP-ENV:Envelope xmlns:SOAP-ENV=””>
   <samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="d2b7c388cec36fa7c39c28fd298644a8" IssueInstant="2004-01-21T19:00:49Z" Version="2.0">
     <NameID Format="urn:oasis:names:tc:SAML:2.0:nameidformat:persistent">005a06e0-ad82-110d-a556-004005b13a2b</NameID>