Understanding SLO

Morning,
I’m a complete newbie to SAML, so sorry for any strange or stupid questions…

I configured the SSO, which is working fine and, most important, I understand what I did :wink:
But I do not understand how to set the right parameters for the SLO?
For the SSO configuration I set the SingleSignOnServiceUrl (IdP) as the URL to which the SAML-InitiateSSO call is sent. The AssertionConsumerServiceUrl (SP) is used to handle the response of the IdP.
For the SLO configuration I set the SingleLogoutServiceUrl as the URL to which the InitiateSLO is sent, but how do I tell the system (or how does the IdP know) to which page the response must be sent, so I can call ReceiveSLO?

Hope you can help me.

Arno

Hi Arno,

The IdP must be configured with your single logout service URL. This is the endpoint in your SP app that will receive SAML logout messages and where you call SAMLServiceProvider.ReceiveSLO. The ExampleServiceProvider’s SAML/SLOService.aspx page demonstrates calling this API.

The AssertionConsumerServiceUrl is part of the SP configuration as this URL is sent in the SAML authn request sent to the IdP when you call SAMLServiceProvider.InitiateSSO. There isn’t an equivalent SP SingleLogoutServiceUrl in the SP configuration as the SAML logout request doesn’t support sending this URL.

Therefore, all you need to configure at the SP is the partner IdP’s SingleLogoutServiceUrl. The IdP will configure your SP single logout service URL.

Thanks for the fast reply.
So, the SingleLogoutServiceUrl is the URL of the receiving page of my website to handle the SLO response. I had misunderstood this.
Thanks, this helps me a lot.

Arno

The SingleLogoutServiceUrl is where SAML logout messages are sent to the partner IdP.

The single logout service endpoint in your SP app is where SAML logout messages are received from the partner IdP. This URL would be configured at the IdP but there’s no configuration in your SP for this endpoint. In other words, there isn’t a SingleLogoutServiceUrl.
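
The asymmetry described in this thread, as an added example that is not part of the original posts and is not ComponentSpace code: a simplified IdP-side lookup showing that the authn request can name its return URL while the logout request cannot, so the SP's logout endpoint has to come from what is registered at the IdP. The `sp.example` URLs, the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
SP = "https://sp.example"  # hypothetical SP base URL

# Constructed SP metadata, as registered at the IdP.
SP_METADATA = f"""<md:EntityDescriptor {XMLNS} entityID="{SP}/">
 <md:SPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="{SP}/SAML/SLOService.aspx"/>
  <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="{SP}/SAML/AssertionConsumerService.aspx" index="0"/>
 </md:SPSSODescriptor></md:EntityDescriptor>"""

# Constructed requests from the SP. Only the authn request can name a return URL.
AUTHN_REQUEST = f"""<samlp:AuthnRequest {XMLNS} ID="_a1" Version="2.0"
  IssueInstant="2021-11-23T08:00:00Z"
  AssertionConsumerServiceURL="{SP}/SAML/AssertionConsumerService.aspx">
 <saml:Issuer>{SP}/</saml:Issuer></samlp:AuthnRequest>"""
LOGOUT_REQUEST = f"""<samlp:LogoutRequest {XMLNS} ID="_b2" Version="2.0"
  IssueInstant="2021-11-23T09:00:00Z">
 <saml:Issuer>{SP}/</saml:Issuer><saml:NameID>arno</saml:NameID></samlp:LogoutRequest>"""

def registered(metadata_xml, tag):
    """Locations of one endpoint type in the SP metadata held by the IdP."""
    sp = ET.fromstring(metadata_xml).find("md:SPSSODescriptor", NS)
    return [e.get("Location") for e in sp.findall(f"md:{tag}", NS)]

def response_url(request_xml, metadata_xml):
    """Where an IdP sends its response to a request from this SP."""
    req = ET.fromstring(request_xml)
    if req.findtext("saml:Issuer", namespaces=NS) != ET.fromstring(metadata_xml).get("entityID"):
        raise ValueError("request issuer is not the registered SP")
    kind = req.tag.rsplit("}", 1)[1]
    if kind == "AuthnRequest":
        allowed = registered(metadata_xml, "AssertionConsumerService")
        url = req.get("AssertionConsumerServiceURL") or allowed[0]
        if url not in allowed:  # never send an assertion to an unregistered URL
            raise ValueError("ACS URL is not registered for this SP")
        return url
    if kind == "LogoutRequest":
        # LogoutRequest has no return-URL attribute: registration is the only source.
        return registered(metadata_xml, "SingleLogoutService")[0]
    raise ValueError(f"unsupported message: {kind}")
```
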