Auth0 Home Blog Docs

Does auth0 support back-channel binding for SAML SLO?

I see in metadata only logout url with HTTP-Redirect binding. Does it mean that auth0 implement only front-end binding for single logout? And can I define more then one logout url for my application or one url is a restriction from SAML specification? Or maybe I can define logout url when I expect to receive SAML logout request in authentication request?

Hi @v.bohatikov1

I see in metadata only logout url with HTTP-Redirect binding. Does it mean that auth0 implement only front-end binding for single logout?

For SSO and SLO we only support the front-channel HTTP-GET and HTTP-Redirect bindings. They should be both listed in the metadata. We don’t support back-end binding at the moment.

And can I define more then one logout url for my application or one url is a restriction from SAML specification? Or maybe I can define logout url when I expect to receive SAML logout request in authentication request?

The URL that you see in the metadata is the fixed endpoint where the SAML Logout request (or response, depending on the party that initiated the conversation) is expected. The endpoint can’t be changed.

Thanks for your response.
You don’t understand second part of my question, I ask not about auth0 logout url(aka id provider’s logout url) but about logout url for my application(aka service provider’s logout url).

1 Like

Oh, ok. You can add only one URL in this case, in the SAML app add-on configuration, under the logout.callback key. E.g.

{
  "logout": {
    "callback": "your-app-logout-endpoint"
  }
}

Thank you for fast response.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.