I am creating an app in Okta. When I click on it, it redirects to the single sign-on URL, but when I log out from Okta, the sign-out URL of the app is not hit. Please help me with this issue.
What type of application is it?
It is a SAML 2.0 app in Okta.
Oh, I see… No, Okta won’t start SLO for your applications on logout from Okta. But if your application enforces user re-authentication on the SP side, you will be asked to re-establish the session with Okta.
Can you explain in more detail?
Why re-establish the session with Okta if it already exists?
Well, let’s start from scratch… You have your SAML application, for which you try to initiate IdP login from Okta, which works for you.
How are you trying to initiate logout? Usually it’s done from the application (SP) side by sending a request to Okta to log out, which will terminate the user’s session with Okta.
The exact problem in short is as below (IdP-initiated approach):
I am creating an application in Okta. I added the below URLs while creating it.
Single sign on URL = MyURL1
Single Logout URL = MyURL2
Once the app is created, when I click on the Okta app icon, it redirects to MyURL1 successfully and I am getting SAML responses also.
But when I log out from Okta, it should redirect to my application logout URL, i.e. MyURL2 here.
But it is not hitting the logout URL from Okta.
As I said, it’s not going to happen. Okta doesn’t have this functionality. You would need to initiate a logout process from the application end. Then after Okta receives the application's SLO request, it will sign the user out of Okta and return him back to your SLO URL.
But how do I initiate a logout process from the application end?
Your application should initiate a SAML SLO request to Okta; then Okta would terminate the session and send your user back with the confirmation SAML SP initiated SLO
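
The SP-initiated logout described in the last reply, as an added example that is not part of the thread and is not Okta's or any poster's code: it builds a SAML 2.0 `LogoutRequest` and encodes it for the HTTP-Redirect binding, with the signature computed over the encoded query string. It assumes the Redirect binding is the one in use; the IdP logout URL, issuer, NameID and SessionIndex are placeholders, and `sign` is a caller-supplied stand-in for an RSA-SHA256 signature made with the SP's private key.

```python
import base64
import datetime
import uuid
import zlib
from urllib.parse import urlencode
from xml.sax.saxutils import escape, quoteattr

SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"


def build_logout_request(sp_issuer, idp_slo_url, name_id, session_index):
    """LogoutRequest XML; NameID and SessionIndex come from the SSO assertion."""
    now = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{now}" '
        f'Destination={quoteattr(idp_slo_url)}>'
        f'<saml:Issuer>{escape(sp_issuer)}</saml:Issuer>'
        f'<saml:NameID>{escape(name_id)}</saml:NameID>'
        f'<samlp:SessionIndex>{escape(session_index)}</samlp:SessionIndex>'
        '</samlp:LogoutRequest>'
    )


def deflate_b64(xml):
    """Raw DEFLATE (no zlib header) then base64, as the Redirect binding requires."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode("utf-8")) + c.flush()).decode("ascii")


def inflate_b64(value):
    """Inverse of deflate_b64, as the receiving side would apply it."""
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")


def slo_redirect_url(idp_slo_url, xml, sign, relay_state=None):
    """Build the signed redirect URL. `sign(bytes) -> bytes` is a caller-supplied
    stand-in (assumption) for RSA-SHA256 with the SP's private key."""
    params = [("SAMLRequest", deflate_b64(xml))]
    if relay_state:
        params.append(("RelayState", relay_state))
    params.append(("SigAlg", SIG_ALG))
    signed_part = urlencode(params)  # the signature covers exactly these bytes
    signature = base64.b64encode(sign(signed_part.encode("ascii"))).decode("ascii")
    return f"{idp_slo_url}?{signed_part}&{urlencode({'Signature': signature})}"
```

The application redirects the browser to the returned URL and clears its own session when the logout response arrives at its Single Logout URL.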