15.8. Configure SAML Global Logout Profile

A Global Logout initiated at one service provider logs out the user from the Identity Provider (IDP) and all the service providers.


For a Global Logout to function appropriately ensure that you have only up to five Service Providers per Identity Provider.

Procedure 15.5. Configure Global Logout

  1. Configure picketlink-handlers.xml

    Add the SAML2LogOutHandler in the picketlink-handlers.xml.
  2. Configure Service Provider web page

    Append GLO=true to the link at the end of your web page of the service provider.

    Example 15.19. Link to Global Logout

    <a href="?GLO=true">Click to Globally LogOut</a>
  3. Create a logout.jsp page

    As part of the logout process, PicketLink will redirect the user to a logout.jsp page located in the root directory of your Service Provider application. Ensure that this page is created.