According to the Single Logout Profile in OASIS SAML V2.0 profiles, session users should use a front channel binding. This profile is initiated to maximize the likelihood that the session authority can successfully propagate the logout to all users.
In the Administration Console, click> > > > > > .
Enable Front Channel Logout: After this option is enabled, Service Provider initiates a logout at the Identity Provider by using the HTTP Redirect method.
Configure Front Channel Logout for Access Gateway Initiated Logout: In addition to enabling the front channel logut, add the following parameters at the NESP web.xml and restart tomcat:
Add the following parameters in the web.xml below the ldapLoadThreshold context param:
<context-param> <param-name>forceESPSLOHTTP</param-name> <param-value>true</param-value> </context-param>
To restart tomcat:
Linux: Enter the following command:/etc/init.d/novell-tomcat5 restart
Windows: Enter the following commands:net stop Tomcat5net start Tomcat5