Invalidate SAML Added in 7.5.0
Submits a SAML LogoutRequest message to Elasticsearch for consumption.
Body Required
-
acs string
The Assertion Consumer Service URL that matches the one of the SAML realm in Elasticsearch that should be used. You must specify either this parameter or the realm parameter.
-
The query part of the URL that the user was redirected to by the SAML IdP to initiate the Single Logout. This query should include a single parameter named SAMLRequest that contains a SAML logout request that is deflated and Base64 encoded. If the SAML IdP has signed the logout request, the URL should include two extra parameters named SigAlg and Signature that contain the algorithm used for the signature and the signature value itself. In order for Elasticsearch to be able to verify the IdP’s signature, the value of the query_string field must be an exact match to the string provided by the browser. The client application must not attempt to parse or process the string in any way.
-
realm string
The name of the SAML realm in Elasticsearch the configuration. You must specify either this parameter or the acs parameter.
curl \
-X POST http://api.example.com/_security/saml/invalidate \
-H "Content-Type: application/json" \
-d '{"acs":"string","query_string":"string","realm":"string"}'
{
"acs": "string",
"query_string": "string",
"realm": "string"
}
{
"invalidated": 42.0,
"realm": "string",
"redirect": "string"
}