SAML IDP logout url?

Hi Team,

Current SMA 100 series and 1000 series both support SAML 2.0 IDP as authentication server. I did go through the administration guide and set it up with Azure AD. It's working for login.

For SMA 1000, now it can act as IDP but I don't see the logout URL for SAML service provider.

For login/ACS:

https://a.b.c.d/samlserver/sso/spinit

For Logout??

Category: Secure Mobile Access Appliances

Answers

  • Viveks SonicWall Employee

    @Nat, SMA1000's SAML IdP doesn't have a dedicated SAML Logout endpoint currently. Could you share how you are planning to use the SAML Logout option? That will help me understand what you are planning to achieve, and suggest if there are alternatives.

    I don't think it will be hard to do SAML Logout, but never had a compelling reason to do it.

  • @Viveks

    I tested the SMA 1000 IDP with SMA 100 as SP.

    With SMA 100 SAML login, the login page redirects to SMA 1000 as IDP, the user is authenticated, then returned to the SMA 100 virtual office page.

    I found the SMA 1000 user is never logged out, as we don't have a logout URL for the SAML.

    It means that when I log out from the SMA 100, without closing and reopening the browser, I can immediately log in to SMA 100 again with SAML, with no need to enter any credentials.

    Also, the license will keep being consumed on SMA 1000 until it becomes an idle session. I'm just afraid this will use up lots of customer concurrent licenses.

  • @Viveks

    Yes it will become idle after 20 minutes but this is not a safe logout method. As I mentioned, it could be a potential security risk.

    Thanks, I got it. Now it is redirected to the SMA1000 logoff page.

  • RedNet Enthusiast ✭✭

    Hi @Nat, did that Logout URL work for you? I see the same with Azure SMA 500v using SAML to o365 Azure AD. Everything is working fine, but the user logout is not happening on the SMA when the user logs off the portal... I tried lots of URLs on my SAML app reg in o365 which I have seen mentioned, but none seem to work.

  • Nat Newbie

    @RedNet I think you are in a different situation. I am using sma1000 as IDP, so I need sma1000 to provide the logout URL.

    You are using sma100 with AAD, so the logout URL should be provided by Azure.
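
An added example, not part of the thread and not SonicWall code: a check an SP administrator can run against an IdP's SAML 2.0 metadata to see whether it advertises a SingleLogoutService endpoint, the gap discussed above. The metadata sample and the `idp.example.test` host are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed IdP metadata for illustration (not exported from any appliance).
# It advertises an SSO endpoint but no SingleLogoutService, the situation
# described in the thread.
SAMPLE_IDP_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://idp.example.test/saml">
  <IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/samlserver/sso/spinit"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

def idp_endpoints(metadata_xml):
    """Return {'sso': [...], 'slo': [...]} of (binding, location) pairs."""
    root = ET.fromstring(metadata_xml)
    found = {"sso": [], "slo": []}
    for idp in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        for key, tag in (("sso", "SingleSignOnService"),
                         ("slo", "SingleLogoutService")):
            for el in idp.findall(f"{{{MD}}}{tag}"):
                # Keep only the short binding name, e.g. "HTTP-Redirect".
                binding = el.get("Binding", "").rsplit(":", 1)[-1]
                found[key].append((binding, el.get("Location", "")))
    return found

def logout_findings(metadata_xml):
    """List the session-handling issues an SP admin should plan around."""
    eps = idp_endpoints(metadata_xml)
    findings = []
    if not eps["slo"]:
        findings.append("no SingleLogoutService: SP logout leaves the IdP "
                        "session alive until idle timeout")
    for _, loc in eps["sso"] + eps["slo"]:
        if not loc.lower().startswith("https://"):
            findings.append(f"endpoint not HTTPS: {loc}")
    return findings

if __name__ == "__main__":
    for finding in logout_findings(SAMPLE_IDP_METADATA):
        print("WARN", finding)
```

When the check reports no SingleLogoutService, the SP-side logout only ends the local session, so the IdP idle timeout is the control that bounds how long silent re-login remains possible.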
