The service endpoint URL is where PingFederate sends request for security token (RST) and single log-out (SLO) messages.
To protect against session token hijacking, PingFederate provides an option to validate wreply for SLO. When this option is enabled, you can specify additional allowed domains and paths on this tab. PingFederate validates the locations against a consolidated list of allowed domains and paths from all active WS-Federation connections before redirecting the end users to their destinations.
The settings to enter additional allowed domains and paths appear only if the option to validate wreply for SLO is enabled. For more information, see Managing partner redirect validation.