Logout of SAML Added in 7.5.0

POST /_security/saml/logout
Api key auth Basic auth Bearer auth

Submits a request to invalidate an access token and refresh token.

NOTE: This API is intended for use by custom web applications other than Kibana. If you are using Kibana, refer to the documentation for configuring SAML single-sign-on on the Elastic Stack.

This API invalidates the tokens that were generated for a user by the SAML authenticate API. If the SAML realm in Elasticsearch is configured accordingly and the SAML IdP supports this, the Elasticsearch response contains a URL to redirect the user to the IdP that contains a SAML logout request (starting an SP-initiated SAML Single Logout).

External documentation
application/json

Body Required

  • token string Required

    The access token that was returned as a response to calling the SAML authenticate API. Alternatively, the most recent token that was received after refreshing the original one by using a refresh_token.

  • refresh_token string

    The refresh token that was returned as a response to calling the SAML authenticate API. Alternatively, the most recent refresh token that was received after refreshing the original access token.

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
    • redirect string Required

      A URL that contains a SAML logout request as a parameter. You can use this URL to be redirected back to the SAML IdP and to initiate Single Logout.
POST /_security/saml/logout 
curl \
 --request POST http://api.example.com/_security/saml/logout \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"token":"string","refresh_token":"string"}'
Request examples 
{
  "token": "string",
  "refresh_token": "string"
}
Response examples (200) 
{
  "redirect": "string"
}