Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SAML IDP logout url?

Hi Team,

Current SMA 100 series and 1000 series both support SAML 2.0 IDP as authentication server. I did go through the administration guide and set it up with Azure AD. It's working for login.

For SMA 1000, now it can act as IDP but I don't see the logout URL for SAML service provider.

For login/ACS:

https://a.b.c.d/samlserver/sso/spinit

For Logout??

Category: Secure Mobile Access Appliances
Reply

Best Answer

Answers

  • ViveksViveks SonicWall Employee

    @Nat , SMA1000's SAML IdP doesn't have a dedicated SAML Logout endpoint currently. Could you share how you are planning to use SAML Logout option? That will help me to understand what you are planning to achieve, and suggest if there are alternatives.

    I don't think it will be hard to do SAML Logout, but never had a compelling reason to do it.

  • NatNat Newbie

    @Viveks

    I test the SMA 1000 IDP with SMA 100 as SP.

    SMA 100 SAML login, login page redirect to SMA 1000 as IDP, authenticated then return back to SMA 100 virtual office page.

    I found the SMA 1000 user is never logged out as we dont have logout url for the SAML.

    It means I logout from the SMA 100, without close and reopen the browser. I can immediate login SMA 100 again with the SAML and no need to enter any credentials.

    Also, the license will keep consuming on SMA 1000 until it becomes idle session. I just afraid this will used up lots of customer concurrent licenses.

  • NatNat Newbie

    @Viveks

    Yes it will become idle after 20 minutes but this is not a safe logout method. As I mentioned, it could be a potential security risk.

    Thanks, I got it. now it redirected to SMA1000 logoff page.

Sign In or Register to comment.