Go directly to contents.
Suomi.fi e-Identification

SAML-example LogoutRequest

The logout request can be made in two directions: the e-service can send the logout request to the Suomi.fi identification or vice versa. The logout request has the same structure in both cases.

Logout requests can be made using the HTTP Redirect (GET) or HTTP POST SAML2 profile.

Local logout should be done before sending the SLO request to Suomi.fi.

Service provider can't send the SLO-message in back-channel, because at logout the user will be shown the SLO status information of all services that were logged in to using the same SSO-session and the user must confirm the check-out manually.

Please note! In the example, the SAML messages are in original format from which they are converted into a format that can be transferred between machines.

HTTP-POST

<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                      Destination="https://testi.apro.tunnistus.fi/idp/profile/SAML2/POST/SLO"
                      ID="_3dafe578-c764-481e-b89f-e0ee85c2b306"
                      IssueInstant="2017-07-18T10:58:19.252Z"
                      Version="2.0"
                      >
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://kalastus.mallikunta.fi</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
            <ds:Reference URI="#_5ff90866-d79c-40af-b97c-5693c3ccf99f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                <ds:DigestValue>FFrrQKu1YpCx1CLIjuO4bEOQpCgnWkitlJ0sP2DYmtc=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>GGff4qNXQHvtyyDJkiM5gxVR6uEuraBUJGOYeW5NkyjFrcR8GqHO5PGIusyeahzXM86saO/kpGamnrvIJbvMXx5r56Pll1SIR3Necci6zdvyu7f4a+u2VcxkmNYeP3uCOK+3nry/1eERugF0W2w947L3k0Zfj0r1JCU+gvIjojWdzmLTdpdJueV8AmwGC/Q0Jxh8Yfeq2wY1nFUFTwEuBKsalDZryz2QtU8yDWLeoh/oggrQFiKLWhybweYm9j5fnsSQt3a6jHqpbvYUWFXl1DM5A63d8gy6yxNjtNF5eedzvO/XuTdi/mti6HKZRkDKi+TbnFu9DsMUqdHjrWIFew==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIC9jCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBlzELMAkGA1UEBhMCZmkx
EDAOBgNVBAgMB1V1c2ltYWExEzARBgNVBAoMCk1hbGxpa3VudGExHzAdBgNVBAMM
FmthbGFzdHVzLm1hbGxpa3VudGEuZmkxETAPBgNVBAsMCEthbGFzdHVzMS0wKwYJ
KoZIhvcNAQkBFh52YWx2b2phQGthbGFzdHVzLm1hbGxpa3VudGEuZmkwHhcNMTcw
NzEyMTAzNzUzWhcNMjAwNDA3MTAzNzUzWjCBlzELMAkGA1UEBhMCZmkxEDAOBgNV
BAgMB1V1c2ltYWExEzARBgNVBAoMCk1hbGxpa3VudGExHzAdBgNVBAMMFmthbGFz
dHVzLm1hbGxpa3VudGEuZmkxETAPBgNVBAsMCEthbGFzdHVzMS0wKwYJKoZIhvcN
AQkBFh52YWx2b2phQGthbGFzdHVzLm1hbGxpa3VudGEuZmkwgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAJyw8fKRhBV+9FrehLCOZ/3gUxMymL39vNvRArIxRVTH
nVH6O8aqgF6kZWtZZ3CyY8311AiVMLW6CGfN1hHfx0X4Ht89hl6I/xjxy4epEIy+
8Hgc5dUGW4H1y4Cluv+/0+HPK0Q5cBZbK0UJEITQsztJXVzncxXkgW7WL9ls+ZYV
AgMBAAGjUDBOMB0GA1UdDgQWBBS2BqWELR0KeNzzWruj1EtxWllPLzAfBgNVHSME
GDAWgBS2BqWELR0KeNzzWruj1EtxWllPLzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
DQEBDQUAA4GBAEcS+hWu2Op0TOdJm4ZhtvJLqgGQ9bj1ICUzsozWIzaQLx83j5Kc
/A/0P57d2h/23fkMnbqbkFCFKt47GEBoo78sUEelj46k/lhuV5BDUEcAeCP7D+UR
GcpDlDzH9RiVL+c42YGElENu6mt2defOYLh16RvnJxR1lzhnSKmJV/Xz
</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                  Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                  NameQualifier="https://testi.apro.tunnistus.fi/idp1"
                  SPNameQualifier="https://kalastus.mallikunta.fi/SAML2SP"
                  >AAdzZWNyZXQxBNEFIM/JFqQo394qYsgFikQ37Fc3y0DFvBDwIB99jIez+fi55snWKtP9u7uZrDJUhcILVz5sypPPjDJ2SyfCDtN18A36KJ8uFW6zddPVgbiU7XaNoF6cuLkHKx6TKd/nChd2LIti9ORQGcH/0GK6YEcJpuDdEpCp6bfZsH+hSA==</saml2:NameID>
    <saml2p:SessionIndex>_d249056df0ee42f5ad68b8a67710c807</saml2p:SessionIndex>
</saml2p:LogoutRequest>

HTTP-Redirect

Ett XML-meddelande som förmedlas som parameterns SAMLRequest query värde med en BASE64-kodning.

<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://testi.apro.tunnistus.fi/idp/profile/SAML2/Redirect/SLO"
                     ID="_7891c8499e749afa27c3b375091d69e9"
                     IssueInstant="2017-07-20T07:36:20Z"
                     Version="2.0"
                     >
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://kalastus.mallikunta.fi</saml:Issuer> <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://testi.apro.tunnistus.fi/idp1" SPNameQualifier="https://kalastus.mallikunta.fi/SAML2SP" >AAdzZWNyZXQxuCv8NAYSuCyZcoBq5b9XNIRKipe09Kkscf6irTP/LWxperqMASdFTs9cn3BrRqJS/wSoK5czfvX3Xza7SC6240NmYQ8jJqKl+IThwMcFhpYt/2yDLfKGEL4mWrD72b+7IOcv8oFaZAR7gUZX2i/qLdBka54FONQ82fxpla3COg==</saml2:NameID> <samlp:SessionIndex>_dd899f81ed9539baff725db3c5529a74</samlp:SessionIndex> </samlp:LogoutRequest>

Additionally these are passed as separate parameters:

RelayState: ss:mem:7225343aa85efec6d77b1e64f5297f92c0f46fc09954cefc817a48ae5204ed30
SigAlg: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Signature: HÖPÖHÖÖaTFD870iqCvZjgpGy/R1KA7r4y7Amo4GwBz5PmOeFJ/Ra8Dv7+roZoMak3PYLhBjSk17o4RIEcbioRJUNhaSqsiw/YjHA1gYz2i/JQKAfSzo7L7VKh7uOuM7niBaaKcsOKDhsJoYUUmOPZj2MbGEqnaqX6YUilf/5aN8tXFqU6f7sA35emMoGHWGNzI5ZNFjuTee/nVlmmO57Sn8yoJ6cCBm1Yf+i9Mtmwro6Fsfa0zRB0Otz+WHMOeki+4pdHefPRF5msQ2s6yUT34Wpb+eodWR2Q/sqrAjp6tdWjW2thyPdHmFen8OZss8axfhSiaybj62De0QKXNOn4A==

Updated: 28/10/2024

Are you satisfied with the content on this page?