From b2506a809f78241ebff71c5987cbf8a3726e77c6 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Mon, 7 Oct 2019 09:19:53 +0300 Subject: [PATCH] NameID mapping and Single Logout (#47288) (#47562) Clarify in the documentation that for SAML Single Logout to be functional, the Identity Provider needs to release a NameID. --- x-pack/docs/en/security/authentication/saml-guide.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/docs/en/security/authentication/saml-guide.asciidoc b/x-pack/docs/en/security/authentication/saml-guide.asciidoc index d2ee6a686d09d..d083c8b8d89fa 100644 --- a/x-pack/docs/en/security/authentication/saml-guide.asciidoc +++ b/x-pack/docs/en/security/authentication/saml-guide.asciidoc @@ -394,6 +394,7 @@ services it offers. By default the Elastic Stack will support SAML SLO if the following are true: - Your IdP metadata specifies that the IdP offers a SLO service +- Your IdP releases a NameID in the subject of the SAML assertion that it issues for your users - You configure `sp.logout` - The setting `idp.use_single_logout` is not `false`