Managing partner redirect validation
PingFederate enables you to validate a parameter for single logout (SLO) to prevent unauthorized access.
About this task
Some of the parameters used to perform redirection represent locations at a partner site—for example, the wreply
parameter in WS-Federation. To protect against session token hijacking through open redirections, PingFederate provides an option to validate wreply
for single logout (SLO). Once enabled, the parameter value is managed within the connection on a per-partner basis. PingFederate amalgamates the entries from all active WS-Federation connections and validates wreply
against the consolidated list.
PingFederate enables For backward compatibility, PingFederate upgrade tools do not enable this option if it was not selected in the previous PingFederate installation. Although optional, enabling |