1
votes

I have authenticated my application through an OpenAM-based IDP through SAML. Now I want to log out of my application through SAML. So my questions are:

  1. I have selected the "spSingleLogoutInit.jsp" implementation. Is it the right way of doing it?

  2. If it's yes, then what should be the RelayState? I have given the login page of my application, i.e. "http://www.myexample.com/login.do".

  3. In the sessionIndex, do I need to give the current session id, i.e. "request.getSession().getId()", or do I need to pass the JSESSIONID from the cookies?

  4. NameId is defined as:

    String nameID = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

is it correct?

  5. The binding protocol is the default, i.e. redirect.

I am calling:

    SPSingleLogout.initiateLogoutRequest(request, response, binding,
                paramsMap);

I do not get any error, but my session still remains active.

Is my declaration correct? Need help.

1
So you're using OpenAM as your IDP and not as your SP, what are you using for SP? - Stefan Rasmusson
Note that true 'Single' logout of many SPs from one IDP depends on all SPs implementing single logout. - tom
SP is my own application, which I am integrating through the Fedlet generated by OpenAM. - Phalguni Mukherjee
@tom At present I have only one IDP and one SP in my region of trust. I am developing my first POC with SAML, so don't have much idea. - Phalguni Mukherjee

1 Answer

0
votes

You may first read SAML techoverview, so you get an idea how all the parties interact ...

You may also use Spring Security SAML extension ... you get 'local' or 'global' logout OOTB ... see my workaround for IdP-initiated Single Logout
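
The following is an added example, not part of the original question or answer and not OpenAM or Fedlet code. It shows at the protocol level where the NameID value and SessionIndex of a SAML 2.0 LogoutRequest come from (the assertion the IdP issued at login, not the container's HTTP session id) and how the request is encoded for the HTTP-Redirect binding. The assertion, entity IDs and URLs are constructed placeholders; request signing and assertion signature validation are assumed to be handled by the SP library and are omitted.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: only the parts of a login assertion that matter for logout.
ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_a1" Version="2.0">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">EXAMPLE-NAMEID-VALUE</saml:NameID>
  </saml:Subject>
  <saml:AuthnStatement SessionIndex="s2-EXAMPLE-SESSION-INDEX"/>
</saml:Assertion>"""

def logout_inputs(assertion_xml):
    """Return (NameID value, NameID Format, SessionIndex) as issued by the IdP."""
    root = ET.fromstring(assertion_xml)
    name_id = root.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    authn = root.find(f"{{{SAML}}}AuthnStatement")
    if name_id is None or authn is None or not authn.get("SessionIndex"):
        raise ValueError("assertion lacks NameID or SessionIndex")
    return name_id.text.strip(), name_id.get("Format"), authn.get("SessionIndex")

def build_logout_request(assertion_xml, sp_entity_id, idp_slo_url):
    """Build an unsigned LogoutRequest naming the IdP session to end."""
    value, fmt, session_index = logout_inputs(assertion_xml)
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    req = ET.Element(f"{{{SAMLP}}}LogoutRequest", {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0", "Destination": idp_slo_url,
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")})
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    nid = ET.SubElement(req, f"{{{SAML}}}NameID", {"Format": fmt} if fmt else {})
    nid.text = value  # the identifier itself; the format URN goes in the attribute
    ET.SubElement(req, f"{{{SAMLP}}}SessionIndex").text = session_index
    return ET.tostring(req)

def redirect_url(request_xml, idp_slo_url, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    raw = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = raw.compress(request_xml) + raw.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return idp_slo_url + "?" + query
```

For local logout to take effect as well, the SP application still has to invalidate its own HTTP session once the IdP's LogoutResponse reports success.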