When an SP PingFederate server receives a request for SLO, it redirects the user’s browser to the Logout Service as configured in the SP OpenToken Adapter instance. As part of the redirect, PingFederate and the OpenToken Adapter include both an OpenToken and a resumePath query parameter.
- The OpenToken includes attributes about the user.
- The resumePath query parameter provides the target application URL.
- PingFederate receives an SLO request under the SAML 2.0 protocol.
- PingFederate, via the OpenToken Adapter, redirects the browser to the Application Server’s Logout Service.
- The Logout Service returns to PingFederate, indicating that the logout was successful.
The code needed to perform an SP SLO is identical to that required for an IdP SLO.