Logout of SAML
Added in 7.5.0
Submits a request to invalidate an access token and refresh token.
NOTE: This API is intended for use by custom web applications other than Kibana. If you are using Kibana, refer to the documentation for configuring SAML single-sign-on on the Elastic Stack.
This API invalidates the tokens that were generated for a user by the SAML authenticate API. If the SAML realm in Elasticsearch is configured accordingly and the SAML IdP supports this, the Elasticsearch response contains a URL to redirect the user to the IdP that contains a SAML logout request (starting an SP-initiated SAML Single Logout).
Body
Required
-
token
string Required The access token that was returned as a response to calling the SAML authenticate API. Alternatively, the most recent token that was received after refreshing the original one by using a
refresh_token. -
refresh_token
string The refresh token that was returned as a response to calling the SAML authenticate API. Alternatively, the most recent refresh token that was received after refreshing the original access token.
curl \
--request POST 'http://api.example.com/_security/saml/logout' \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json" \
--data '"{\n \"token\" : \"46ToAxZVaXVVZTVKOVF5YU04ZFJVUDVSZlV3\",\n \"refresh_token\" : \"mJdXLtmvTUSpoLwMvdBt_w\"\n}"'{
"token" : "46ToAxZVaXVVZTVKOVF5YU04ZFJVUDVSZlV3",
"refresh_token" : "mJdXLtmvTUSpoLwMvdBt_w"
}{
"redirect" : "https://my-idp.org/logout/SAMLRequest=...."
}