McDewey

C H A P T E R 6 SAML-Based SLO • Support for SAML-Based Single Logout (SLO), on page 39 Support for SAML-Based Single Logout (SLO) Unified CM supports SAML-based Single Logout (SLO). The SLO allows you to log out simultaneously from all sessions of a browser that you have signed in using Single Sign-on (SSO). • SLO does not log out all the running sessions at the same time for: • different browsers with the same user login credentials • the same UC product being active on different nodes in the cluster • SLO logs out only one of the active UC product or node sessions at a time that runs on the same browser and IdP. To successfully log out from all the UC applications or nodes under the same browser session, ensure that you close the browser to complete the log out process. Note Cisco Tomcat and Cisco SSOSP Tomcat services must be restarted if you are altering the IdP metadata and using root access to replace the idp.xml on the server. You need not restart any services if you are configuring SLO while enabling SSO. Also, if you are altering the IdP metadata and using the update IdP metadata option on the SAML SSO page to replace the idp.xml on the server. The following IdPs (Identity Providers) support Single Logout: • OpenAM 10.0.1 • F5 BIG-IP 11.6.0 • Okta 2017.38 • Microsoft Active Directory Federation Services idPs 2.0 (AD FS 2.0). To Log out using Microsoft Active Directory Federation Services idPs 2.0, configure the logout URL in the idp.xml file. SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 15 and SUs 39