<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00007IUsy2CADOkta Classic EngineSingle Sign-OnAnswered2021-11-19T19:24:08.000Z2021-11-18T01:00:21.000Z2021-11-19T19:24:08.000Z

salvadorl.64510 (Customer) asked a question.

November 18, 2021 at 1:00 AM
How to make a request SLO okta?

 

How to make a request SLO okta?

I am developing an application to use okta as a provider, I already made the signin with saml, but now I want to do the signout, I am making a request to the url

https://{URL_DOMAIN}.okta.com/login/signout?fromURI=http://localhost:5000

 

but it gives me a cors error

example:

await fetch (`https: //{URL_DOMAIN}.okta.com/login/signout? fromURI = http: // localhost: 5000`)

 

but when I do it this way it does not show me a cors error, but it responds with an empty object and does not perform the signout of okta

example:

await fetch (`https: //{URL_DOMAIN}.okta.com/login/signout? fromURI = http: // localhost: 5000`, {

    'mode': 'no-cors',

    headers: {

     'Access-Control-Allow-Origin': '*',

    }

   })

  • 2 answers
  • 736 views

  • User16254393570754125507 (Okta)

    Hello @salvadorl.64510 (Customer)​,

     

    Okta only supports Service Provider-initiated SLO.

     

    It is important to note a few things:

     

    1. Okta currently only supports SP-INIT SLO meaning the SP web app sends the SLO request to log out of the Okta session. Okta does not log out of web apps.
    2. The web app, SP, must be able to send logout requests to Okta.
    3. The logout requests that an SP sends, as a POST, must be signed. This must conform to sections 3.7 and 4.4 of the Profiles for the OASIS Security Mark Up Language (SAML) version 2.0.

     

    In situations where developers are using Okta for SAML logins, mainly in SP INIT logins to their web apps and they want to close out/log out the Okta session, the SAML wizard can be used and includes an option to setup Single-Logout (SLO).

     

    You can learn more about this topic using the following links:

    https://help.okta.com/en/prod/Content/Topics/Apps/Apps_Single_Logout.htm

     

    If you need further assistance feel free to post this question on our Okta Developer Forums: https://devforum.okta.com, and they should be able to help you with this.

     

    Regards,

     

    Natalia

    Okta Inc.

     

    Expand Post
This question is closed.
Loading
How to make a request SLO okta?