There are three components to the project I’m working on:
- The SP is the SAML app assigned to the user, as mentioned in the title.
- I’m using Okta as an external IDP.
- I’m using an identity broker to act as a go-between for Okta and the SP.

When I clear the Okta user’s session and revoke their tokens, how can I ensure that the identity broker is notified of this event? Is there some setting I need to turn on? Do I need to have single logout turned on? I would expect that Okta sends a request to the ACS URL I provide, thus notifying my identity broker of the change, but this doesn’t seem to be happening.