The first objective for anyone wanting to implement SAML in their organization is to accomplish Web Single Sign-On (SSO) to simplify access to various external and internal resources using a single account and password.
SAML provides a secure way to share identity information between Identity Providers and Service Providers. Many times the second question I get asked is 'what about when users log out?'
The SAML specification does define a Single Logout (SLO) profile, which we support in PingFederate, but there are usually a lot of questions and some potential issues in implementing SLO. You want SLO to work as smoothly as SSO, but there are some hurdles, and in certain situations it may not be that smooth.
About a year ago, at the request of a customer, I spent time configuring PingFederate to use SLO in order to work through the issues and demonstrate it in action. The objective was to prove PingFederate SLO, understand what it takes to implement, and learn about the potential hurdles.
This was an interesting exercise and a great learning opportunity. I'll be hosting a Technical Round Table (TRT) on May 28 to discuss this experience.
Register here for this TRT. Hope to see you there!
John DaSilva develops training and solutions at Ping Identity.