Single Logout (SLO) URL Configuration for Application Redirection

This document outlines the configuration of the Single Logout (SLO) URL to redirect users to the application login page instead of the default Cross Identity (CI) login page when logging out of an integrated application.

By default, Cross Identity (CI) provides Single Logout (SLO) functionality where the user is redirected to a specified URL upon sending an SLO request. Typically, the SLO URL includes a query string, for example:

https://sandbox-msssecurity.crossidentity.com/CIDSaas/default/user/slo?rurl=https://enterprise-platform-5206.my.salesforce.com

When a user logs out of the Salesforce application, the default behaviour redirects the user to the login page. However, the requirement is to redirect the user to the application’s login page instead.

Proposed Solution

To ensure users are redirected to the application login page instead of the CI or Salesforce login page, the SLO URL can be configured or customized as follows:

1. Modify the Query String Parameter: Update the rurl parameter in the SLO URL to point to the application’s login page. For example:

   https://sandbox-msssecurity.crossidentity.com/CIDSaas/default/user/slo?rurl=https://your-application-login-page.com

   • Replace https://your-application-login-page.com with the actual URL of your application’s login page.

2. Implement SLO Request Handling: Ensure the application handles the SLO request properly, including:

   • Clearing session cookies or tokens.

   • Logging out the user from the application.

3. Integration Steps:

   • Test the updated SLO URL with the application to confirm redirection behaviour.

   • Verify the logout process clears sessions for both the application and CI.

   

4. Log out from the application.

5. Re-directing to the login application’s login page.