SAML SLO not logging user out

Problem statement

We are currently experiencing an issue with a SAML integration during the logout phase. We have set up an integration between an Auth0 tenant (via Enterprise SAML connection) and a customer’s SAML IdP and everything is working properly during login (communication between Auth0 and SAMLP, and Auth0 and our app).

Also, logout is working fine, and when the user pushes our application logout button, we send the call to Auth0, which manages the logout properly (we can find the successful logout in the Auth0 logs).

But we set up a Single Logout (SLO) URL in the Sign Out field in the SAML connection setup, and it seems that Auth0 doesn’t contact this URI to do the logoff on the SAML side (we have no calls in the SAMLP logs from Auth0 to the SLO endpoint).

Is that normal? We expect that, during the logout phase, the SLO Sign Out endpoint is called and the user will log off at the SAML level. Could you please check this behaviour?

Solution

When calling the /v2/logout endpoint, be sure to include the federated parameter. Without this parameter, Auth0 won’t hit the SLO Sign Out URL. You can read more about this functionality here:
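The following is an added example, not part of the original article or Auth0's own code. It builds a /v2/logout URL with the federated parameter and checks a logout URL that an application already emits for the missing flag. The tenant domain, client ID, return URL and the function names buildLogoutUrl and auditLogoutUrl are constructed placeholders.

```javascript
// Constructed placeholder values; replace with your tenant's settings.
const TENANT_DOMAIN = "example-tenant.auth0.com";
const CLIENT_ID = "YOUR_CLIENT_ID";

// Build the Auth0 /v2/logout URL. When `federated` is true, the bare
// `federated` flag is appended so Auth0 also calls the connection's
// SLO Sign Out URL instead of stopping at its own logout.
function buildLogoutUrl({ domain, clientId, returnTo, federated }) {
  const url = new URL(`https://${domain}/v2/logout`);
  if (clientId) url.searchParams.set("client_id", clientId);
  if (returnTo) {
    // new URL() throws on a malformed or relative value, so a bad
    // returnTo fails here rather than at the logout redirect.
    url.searchParams.set("returnTo", new URL(returnTo).toString());
  }
  let out = url.toString();
  // URLSearchParams would serialise the flag as "federated=", so the
  // value-less form is appended by hand.
  if (federated) out += (url.search ? "&" : "?") + "federated";
  return out;
}

// Inspect a logout URL the application actually sends (for example, one
// copied from the browser's network tab) and list what would keep the
// SAML IdP session alive.
function auditLogoutUrl(rawUrl) {
  const url = new URL(rawUrl);
  const findings = [];
  if (url.pathname !== "/v2/logout") {
    findings.push("not a /v2/logout request");
  }
  if (!url.searchParams.has("federated")) {
    findings.push("federated parameter missing: Auth0 will not call the SLO Sign Out URL");
  }
  return findings;
}

const withSlo = buildLogoutUrl({
  domain: TENANT_DOMAIN,
  clientId: CLIENT_ID,
  returnTo: "https://app.example.com/",
  federated: true,
});
console.log(withSlo, auditLogoutUrl(withSlo));
```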