Enable Single Logout in WSO2 Identity server and redirect to custom login page

1
votes

I am using WSO2-IS 5.3.0. I have configured many service provider and SAML SSO is working as expected. But when it comes to Logout, One functionality is working fine. It means it redirects me to a common logout page after an invaliding session.

Here, I have one case, I have one service provider for it, I need to perform single logout but it should redirect to my custom login page. Though IS providing the option to configure return URL(SLO Response URL) you can see in the below screenshot. I have done that but still its redirects to the common logout page.

enter image description here

Do I need any other configuration too?

1
wso2identityserver4wso2is
Please let me knoe here, If you need more clarificationMak
Can you please attach the network tracer(.har file) from the browser? Get an Incognito window then perform login and logout. Export the browser network tracer and attach.Nipun Thathsara
Identity Server sends the SAML logout response to your defined URL. It's up to your application to digest the response(close the application session) and then redirect the browser to a desired page. After sending the logout, there's no further interaction with Identity Server. The SLO URL you define in the configs, should be capable of handling the SAML logout response and terminate the application's session.Nipun Thathsara
This is the SAML req/response. drive.google.com/…Mak
Identity server redirect me to this page drive.google.com/open?id=1ZTk_EwSL7wpL2Td0qhk7KuuZrWDf3l29Mak

1 Answers

2
votes

You are performing an IdP initiated SLO as per the given request URL. In that case, you can use the returnTo parameter in that request to redirect the response.

So set the SLO response URL to return to URL of the Enable IdP initiated SLO config. Sample request would be as follow.

https://localhost:9443/samlsso?slo=true&spEntityID=travelocity.com&returnTo=https://localhost:8080/avs.com/slo

But, you might have to define the SP specific parameters in the request.

Reference : http://daytodayjava.blogspot.com/2015/08/saml2-idp-initiated-single-logout-with.html