
I am trying to implement SLO with PingFederate 8.3.13. This is my scenario:

1 IdP Adapter, 3 SP Adapters

So these adapters are bound adapter-to-adapter and SSO works fine. However, we were asked to have 2 different deployments for the whole system, a QA environment and a production environment, and to create respective adapters for each deployment, so we have:

QA Environment:

1 IdP Adapter, 3 SP Adapters

Production Environment:

1 IdP Adapter, 3 SP Adapters

So they are correctly wired up with the adapter-to-adapter feature, and SSO still works fine. However, when we were working on SLO, we noticed that the URL for initiating an SLO request (either IdP-initiated or SP-initiated) does not receive an IdP parameter with which I can specify the environment that is being logged out.

IdP endpoints: https://documentation.pingidentity.com/display/PF610/IdP+Endpoints

So when hitting the startSlo URL, all the SPs that generated a session receive an SLO request (either the QA ones or the production ones).

Is there a way we can tell PingFederate to just log out the SPs that are wired up to a specific IdP? Or are we probably not modeling our solution correctly?

  • I'm also looking for an answer to this. It is incredible that we can validate a token but it is very complicated to refresh it in implicit flow (iframe trick) or just revoke. I cannot understand what is the technical complication for that. Let's say: take my token, search it in your database, then validate it or refresh or revoke... 3 different possible actions but the same element – zameb Oct 31 '17 at 20:01

0 Answers