SAML SLO - How to sign a logout request using SP certificate? Skip to main content
https://support.okta.com/help/answers?id=906f0000000i0toiak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Mitesh JadavMitesh Jadav 

SAML SLO - How to sign a logout request using SP certificate?

Hi,

We started using SAML authentication in our application. We have implemented SSO and it is working fine. In case of SLO, identity provider(OKTA) requires to sign logout request using SP certificate and i think will authenticate the message using public key of SP certificate.

But We are new to these certificates and don't have exact idea how to sign a request.

It will be great if we have some code/sample to sign a request as mentioned above.

Thanks,
Mitesh
Best Answer chosen by Niki (Okta, Inc.) 
James FloresJames Flores (Okta, Inc.)
Hi Mitesh,

Have you taken a look at page 32 section 4.4 of the Oasis SAML v2.0 document? It discusess Single Sign Out profiles, how they are configured and how they function. 

http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf

All Answers

James FloresJames Flores (Okta, Inc.)
Hi Mitesh,

Have you taken a look at page 32 section 4.4 of the Oasis SAML v2.0 document? It discusess Single Sign Out profiles, how they are configured and how they function. 

http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf
This was selected as the best answer
Gabriel SrokaGabriel Sroka (Okta, Inc.)
Hi Mitesh,
Are you writing your own SAML SP? Or using a library? We recommend using a library or an out of the box SAML SP. These should already have signing functions. Otherwise, there are code samples on the internet.
 
Edward HollidayEdward Holliday (Okta, Inc.)
and configuring Okta's app SLO URL to "https://yourorghere.okta.com/login/default" is a good default SLO URl
Jerome FamiJerome Fami
The document provided does not have any details about the required certificate.