The service endpoint URL is a location to which PingFederate sends RST (Request for Security Token) and SLO messages.
To protect against session token hijacking, PingFederate provides an option to validate wreply for SLO. When the option is enabled, you can specify additional allowed domains and paths in this screen. PingFederate validates the locations against a consolidated list of allowed domains and paths from all active WS-Federation connections before redirecting the end users to their destinations.
Settings to enter additional allowed domains and paths appear only if the option to validate wreply for SLO is enabled (see Managing partner redirect validation).