From a212e341a7b048a91c42e9181fb4933d32fc2c62 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 4 Oct 2019 13:39:54 +0300 Subject: [PATCH] NameID mapping and Single Logout (#47288) Clarify in the documentation that for SAML Single Logout to be functional, the Identity Provider needs to release a NameID. --- x-pack/docs/en/security/authentication/saml-guide.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/docs/en/security/authentication/saml-guide.asciidoc b/x-pack/docs/en/security/authentication/saml-guide.asciidoc index 9201a5520f76a..9625a84cb87b0 100644 --- a/x-pack/docs/en/security/authentication/saml-guide.asciidoc +++ b/x-pack/docs/en/security/authentication/saml-guide.asciidoc @@ -394,6 +394,7 @@ services it offers. By default the Elastic Stack will support SAML SLO if the following are true: - Your IdP metadata specifies that the IdP offers a SLO service +- Your IdP releases a NameID in the subject of the SAML assertion that it issues for your users - You configure `sp.logout` - The setting `idp.use_single_logout` is not `false`