To set up Single Logout (SLO) with PingFederate as the Identity Provider (IdP) and Shopify as the Service Provider (SP), the Shopify SSO application can use SAML-based SLO features. This setup securely logs users out from both platforms.
Step-by-Step SLO Integration Flow
1. Configure PingFederate for SLO
In your PingFederate admin console:
– Enable SLO session tracking to keep track of active user sessions.
– In the SP Connections section, under Browser SSO, set up your Shopify SAML connection for SLO.
– In the SAML Profiles tab, choose the right SAML binding (POST or Redirect).
– Add the Shopify SLO endpoint URL for logout requests.
This step allows PingFederate to start SAML logout requests to Shopify when the user logs out from any connected application.
2. Configure Shopify SSO App for SLO
Open the Shopify SSO app and select the SAML protocol, then click on PingFederate IdP. Enter the PingFederate Identity Provider SLO URL in the SSO app’s SAML settings. Upload the PingFederate IdP Metadata to set up secure SSO.
Turn on Single Logout support in the app’s advanced settings, if it is available. This ensures that Shopify can send logout requests to PingFederate when the user logs out from the Shopify storefront and vice versa.
3. Implement Logout Initiation
From Shopify: When a user clicks logout on Shopify, the Shopify SSO app sends a SAML Logout Request to PingFederate’s IdP SLO URL. This triggers logout from all linked applications.
From PingFederate: If a user logs out of another app connected to PingFederate, it will send logout requests to all configured SP SLO endpoints, including Shopify’s. This makes sure that sessions terminate in one place.
This setup provides secure and consistent user logout across your ecosystem. It complies with identity standards and ensures a smooth user experience.
