Logout of SAML completely
Added in 7.14.0
Verifies the logout response sent from the SAML IdP.
NOTE: This API is intended for use by custom web applications other than Kibana. If you are using Kibana, refer to the documentation for configuring SAML single-sign-on on the Elastic Stack.
The SAML IdP may send a logout response back to the SP after handling the SP-initiated SAML Single Logout. This API verifies the response by ensuring the content is relevant and validating its signature. An empty response is returned if the verification process is successful. The response can be sent by the IdP with either the HTTP-Redirect or the HTTP-Post binding. The caller of this API must prepare the request accordingly so that this API can handle either of them.
Body
Required
-
realm
string Required The name of the SAML realm in Elasticsearch for which the configuration is used to verify the logout response.
ids
string | array[string] Required -
query_string
string If the SAML IdP sends the logout response with the HTTP-Redirect binding, this field must be set to the query string of the redirect URI.
-
content
string If the SAML IdP sends the logout response with the HTTP-Post binding, this field must be set to the value of the SAMLResponse form parameter from the logout response.
curl \
--request POST http://api.example.com/_security/saml/complete_logout \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '{"realm":"string","":"string","query_string":"string","content":"string"}'{
"realm": "string",
"": "string",
"query_string": "string",
"content": "string"
}