Identify which User Session to Close During SAML Single Logout
Where: This change applies to Lightning Experience and Salesforce Classic in Group, Professional, Enterprise, Performance, Unlimited, and Developer editions.
How: When Salesforce is the identity provider, it generates and sends the session index parameter to the service provider during SAML single sign-on (SSO). Depending on the initiating provider, SAML SLO follows one of these processes.
- If Salesforce initiates SLO, it sends the same session index parameter with the logout request to the service provider.
- If the service provider initiates SLO, Salesforce sends the SAML SLO request to the other service providers participating in the current session. The other service providers post a logout response to Salesforce. Salesforce returns the logout response to the initiating service provider.
When Salesforce is the service provider, it receives and stores the session index parameter sent from the identity provider during SSO. If the identity provider initiates SLO, Salesforce sends a logout response. If Salesforce initiates SLO, it sends the same session index parameter with the logout request to the identity provider.
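The following sketch shows how a generic service provider can use the stored session index to close only the session a logout request names. It is an added example, not Salesforce code: `SessionStore`, its methods, and all sample values are hypothetical. It assumes the request's signature has already been validated, and it follows the SAML 2.0 core rule that a request with no session index covers every session of that principal.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed LogoutRequest as an identity provider might send it (sample data).
# Assumption: its XML signature was verified before this code sees it.
LOGOUT_REQUEST = """<samlp:LogoutRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_req1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:NameID>alice@example.com</saml:NameID>
  <samlp:SessionIndex>idx-laptop</samlp:SessionIndex>
</samlp:LogoutRequest>"""


class SessionStore:
    """Hypothetical SP-side store of the values received at SSO."""

    def __init__(self):
        # local session id -> (issuer, name_id, session_index)
        self._sessions = {}

    def record_sso(self, local_id, issuer, name_id, session_index):
        self._sessions[local_id] = (issuer, name_id, session_index)

    def active(self):
        return sorted(self._sessions)

    def close_for_logout(self, request_xml):
        """Close the sessions a LogoutRequest names; return their local ids."""
        root = ET.fromstring(request_xml)
        issuer = root.findtext("saml:Issuer", namespaces=NS)
        name_id = root.findtext("saml:NameID", namespaces=NS)
        indexes = {e.text for e in root.findall("samlp:SessionIndex", NS)}
        closed = [
            sid for sid, (iss, nid, idx) in self._sessions.items()
            # Issuer and NameID must match as well, so an index value alone
            # cannot close another user's or another IdP's session.
            # An empty index set means all sessions of that principal.
            if iss == issuer and nid == name_id and (not indexes or idx in indexes)
        ]
        for sid in closed:
            del self._sessions[sid]
        return sorted(closed)
```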