Logout of SAML Added in 7.5.0
Submits a request to invalidate an access token and refresh token.
NOTE: This API is intended for use by custom web applications other than Kibana. If you are using Kibana, refer to the documentation for configuring SAML single-sign-on on the Elastic Stack.
This API invalidates the tokens that were generated for a user by the SAML authenticate API. If the SAML realm in Elasticsearch is configured accordingly and the SAML IdP supports this, the Elasticsearch response contains a URL to redirect the user to the IdP that contains a SAML logout request (starting an SP-initiated SAML Single Logout).
Body Required
-
The access token that was returned as a response to calling the SAML authenticate API. Alternatively, the most recent token that was received after refreshing the original one by using a
refresh_token
. -
refresh_token string
The refresh token that was returned as a response to calling the SAML authenticate API. Alternatively, the most recent refresh token that was received after refreshing the original access token.
curl \
-X POST http://api.example.com/_security/saml/logout \
-H "Content-Type: application/json" \
-d '{"token":"string","refresh_token":"string"}'
{
"token": "string",
"refresh_token": "string"
}
{
"redirect": "string"
}