Skip to main content
Aria Knowledge Central

Local Session Logout vs. IdP Session Logout

Overview

When a user manually logs out of Aria, or if Aria enforces a session time-out, this is considered a local session logout. When a user manually logs out using the IdP portal, or if the IdP enforces a session-time out, this is considered a IdP session logout.

SLO Sequence

Aria and third-party IdPs communicate with each other by using SAML 2.0 LogoutRequest and LogoutResponse messages. These messages can be transferred using either front-channel binding (HTTP-Redirect) or back-channel binding (SOAP).

A standard SLO sequence depends on whether the logout request is initiated by Aria, or by the IdP.

Logout Request Initiated by Aria

If the logout request was initiated by Aria:

  1. Aria sends a logout request to the IdP.
  2. The IdP destroys the user’s session.
  3. The IdP sends a logout response to the Aria which then destroys the session.

Logout Request Initiated by IDP

If the logout request was initiated by the IdP:

  1. The IdP sends a logout request to Aria, as well as to any other service providers to which the user is authenticated.
  2. Aria destroys the user’s session and provides a logout response indicating whether the logout was successful.
  • Was this article helpful?