---
title: Managing partner redirect validation
description: PingFederate enables you to validate a parameter for single logout (SLO) to prevent unauthorized access.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:help_redirectvalidationtasklet_partnerredirectvalidationstate
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_redirectvalidationtasklet_partnerredirectvalidationstate.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  about-this-task: About this task
  steps: Steps
  related-links: Related links
---

# Managing partner redirect validation

PingFederate enables you to validate a parameter for single logout (SLO) to prevent unauthorized access.

## About this task

Some of the parameters used to perform redirection represent locations at a partner site—for example, the `wreply` parameter in WS-Federation. To protect against session token hijacking through open redirections, PingFederate provides an option to validate `wreply` for single logout (SLO). Once enabled, the parameter value is managed within the connection on a per-partner basis. PingFederate amalgamates the entries from all active WS-Federation connections and validates `wreply` against the consolidated list.

|   |                                                                                                                                                                                                                                                                                                                                                                                                             |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | PingFederate enables `wreply` validation for SLO by default in new installations.For backward compatibility, PingFederate upgrade tools do not enable this option if it was not selected in the previous PingFederate installation. Although optional, enabling `wreply` validation for SLO and specifying the allowed domains and paths for each WS-Federation connection can prevent unauthorized access. |

## Steps

1. Go to **Security > Redirect Validation > Partner Redirect Validation**.

2. Select the **Enable wreply Validation For SLO** checkbox to enable this feature.

   |   |                                                                                                       |
   | - | ----------------------------------------------------------------------------------------------------- |
   |   | This checkbox is selected by default in new installations. Clear the checkbox to disable the feature. |

3. Click **Save**.

## Related links

* [Defining a service URL (WS-Federation)](help_spprotocolsettingstasklet_wsfedserviceurlstate.html)

* [Specifying a service URL (WS-Federation)](help_idpprotocolsettingstasklet_wsfedserviceurlstate.html)