Single logout

The single logout (SLO) profile enables users to sign off of all participating sites in a federated session from any site.

The associated identity provider (IdP) federation deployment manages all logout requests and responses for participating sites. If a participating site returns an error, other participating sites might not receive their logout requests. In this scenario, PingFederate returns an error message to the end users.

The logout messages can be transported using any combination of bindings described for single sign-on (SSO) (POST, artifact, or redirect). The topic for each Single sign-on scenario contains a diagram that illustrates these message flows.

About session cleanup

When a service provider (SP) receives an SLO request from an IdP, the session creation adapters must handle any session clean-up involving the local application.