We have Novell Access Manager set up as a SAML2 identity provider for
external service providers (including Google Apps). It also acts as a
service provider. My question is what is the recommended way of logging
out of Single Sign-on for external SPs and internal SPs? If the
external service providers call nidp/saml2/slo_return on the Identity
servers, then is the user logged out of SSO altogether? Also if we call
esp/AGLogout on the gateways does that mean that the user is logged out
of everything including the external SP? Are these logouts linked?
What we are trying to do is to redirect all logouts for internal and
external services to a single customised logout page where the user has
the option to go somewhere else, or log out of single sign-on with
AGLogout, but I am not sure if AGLogout is appropriate for the external
SPs. I am a bit confused.
Steve Tennant
