SLO for SAML?
Maximilian Bosch
SLO (Single Logout URL) is a way to logout not only from the SP (== the application that authenticates users via SAML), but also from the IdP (the service it's authenticated against). See also https://www.identityserver.com/articles/the-challenge-of-building-saml-single-logout.
Even though there's no full support for it in passport-saml, it seems as if it's basically doable: https://github.com/node-saml/passport-saml/blob/eacbbbb3919ec0cf767f81696f05870eacaae237/src/strategy.ts#L232
I'd offer myself as tester for that :)
D
Donny Anderson
+1 for this feature, it's absolutely needed. I'm trying to convince my organization to use Wiki.js, but the inability to log out users from the application whenever they're logged out from the IdP means we can't adopt it. Without SLO there is no point in having SSO.