Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

SAML logout when session expires

Written By

Kanchan Bisht

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Issue

  • The Single sign-on and Single log out are working fine when the user manually logs out but there is no Single logout happening on the portal session expiry

Environment

  • Liferay 7.0 as IdP

Resolution

  •  Service Providers (SP) only receive a maximum validity date contained in the SAML Assertion received from the IdP. SPs usually create their own  HTTP session from this Assertion (with a matching maximum duration), but both SP and IdP sessions have their own, separated lifecycles.
  • The SP and IdP session times are unique and independent.
  • It is expected that they both have their own timeout and follow their own timeout rules (as determined by the SP and IdP).
  • It is very possible that the session on the IdP continues to be active, even when the session on the SP has expired.  Also in most cases, IdP implementations don't invoke single logout when IdP's session expires.
  • This behavior is completely dependent on which service (Liferay, ADFS... etc.) are being using for SP and IdP, how they are configured, and how they were built. This is also part of the SAML 2.0 standard.

Additional Information

What is SAML?
Setting up the SAML as IdP
Setting up the SAML as SP

 

 

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?