Technical Tip: SAML SP SingleLogoutService in FortiMail
| Description | This article describes how to avoid SAML logout issues in FortiMail. By default, there is no SingleLogoutService in Fortimail SP metadata. Therefore, some SAML IDPs can send the LogoutResponse to the wrong destination in the SP which causes SAML errors.
|
| Scope | FortiMail 7.0, 7.2, 7.4. |
| Solution | Configure the 'Logout Service POST Binding URL' or 'SP SLS (logout) URL' (naming depends on IDP) field to 'https://<fortimail_ip>/sso/Logout' in IDP to avoid SAML errors while logging out of SAML. For example, FortiAuthenticator as IDP:
|
