[keycloak]SAML - Logout issue

r.lebohec · November 25, 2025, 2:43pm

Hi,

While following the IdP configuration guide Using Keycloak with Ignition | Inductive Automation , I’ve noticed that my Idp SAML user logout requests are not being executed properly.
For troubleshooting, I’ve already enabled the WebAuthSessionImpl logger, but I’m wondering which additional Ignition logger would be useful to activate in order to get more detailed insight into the SAML flow, especially during Single Logout.

On the Keycloak side, the “Logout Service Binding URL” is configured as:

https://<gateway>:8043/data/federate/callback/saml

If anyone has suggestions regarding other helpful loggers (SAML, IdentityProvider, Gateway…) or potential adjustments on the Keycloak/Ignition setup for SLO, I’d greatly appreciate it.

Thanks!

r.lebohec · November 27, 2025, 7:24am

Hi @jspecht,

It seems that this is undergoing a development. What is the status?

jspecht · December 1, 2025, 4:07pm

SAML Single Logout is still not supported as you found out. It’s still on the backlog. I’ll link this forum thread to the associated ticket which will hopefully bump its priority.