For Single Log Out, I need Logout Responses to be signed.


Starting with SAML SSO 6.5.x, we added an option to sign logout responses. Depending on the identity provider and how you have configured it, you must also adjust the identity provider settings.

Configure SAML SSO App

Follow the steps below to activate signed logout responses:

  1. Go to the SAML SSO configuration.
  2. On the identity provider configuration, scroll down to the Basic IdP Settings and see the options below the Logout Binding.

  3. Click Sign Logout Response and Save the configuration.

Configure your Identity Provider

As a rule of thumb, whenever you configured your identity provider using the metadata of SAML SSO, the identity provider should be aware of our public key and thus should be able to check the signature.

For some identity providers, you must add the public key by hand. If you have followed our SLO tutorial (see SAML2 Single Logout (SLO)), you should be good to go.