<!-- An example supporting the new-style of discovery service. -->
<SessionInitiator type="Chaining" Location="/DS" id="DS" relayState="cookie">
- <SessionInitiator type="SAML2" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
+ <SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
<SessionInitiator type="Shib1" defaultACSIndex="3"/>
<SessionInitiator type="SAMLDS" URL="https://ds.example.org/DS"/>
</SessionInitiator>
<md:AssertionConsumerService Location="/SAML/Artifact" index="4"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
+ <!-- LogoutInitiators enable SP-initiated local or global/single logout of sessions. -->
+ <LogoutInitiator type="Chaining" Location="/Logout">
+ <LogoutInitiator type="SAML2" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
+ <LogoutInitiator type="Local"/>
+ </LogoutInitiator>
+
+ <!-- md:SingleLogoutService locations handle single logout (SLO) protocol messages. -->
+ <md:SingleLogoutService Location="/SLO/SOAP"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+ <md:SingleLogoutService Location="/SLO/Redirect" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
+ <md:SingleLogoutService Location="/SLO/POST" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+ <md:SingleLogoutService Location="/SLO/Artifact" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+
<!--
md:ArtifactResolutionService locations resolve artifacts issued when using the
SAML 2.0 HTTP-Artifact binding on outgoing messages, generally uses SOAP.
-->
- <md:ArtifactResolutionService Location="/SOAP/Artifact" index="1"
+ <md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
</Sessions>
<!-- Configure handling of outgoing messages and SOAP authentication. -->
<DefaultRelyingParty authType="TLS" artifactEndpointIndex="1"
- signRequests="true" encryptRequests="true" signResponses="true" encryptResponses="true">
+ signRequests="front" encryptRequests="front" signResponses="true" encryptResponses="true">
<!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
<!--
<RelyingParty Name="SpecialFederation" keyName="SpecialKey"/>