By: Junhwan An user 24 Oct 2017 at 8:03 p.m. CDT

3 Responses
I'm using Gluu server as SAML IDP. As you know, SAML in Gluu server doesn't support Single Logout, so I'm using the frontchannel logout feature of OpenID Connect. When I use 'https://<hostname>/idp/logout.jsp' to log out, it works well. It logs me out from both Gluu server and the federated 3rd party. But when I try to log out with 'https://<hostname>/identity/logout', which is in Gluu server itself for logout, it doesn't work with the federated site, only with Gluu server itself. If this is normal behavior because I'm using SAML and not OpenID Connect, please consider making it work with SAML too.

By Aliaksandr Samuseu staff 24 Oct 2017 at 8:25 p.m. CDT

Hi, Junhwan. Why exactly do you try to use this other URL for logout? Could you refer me to a doc you are following? I'm also not quite sure what you mean by a "federated site" in this context. Could you describe your setup and those 2 logout flows you are mentioning in more detail?

By Junhwan An user 25 Oct 2017 at 3:18 a.m. CDT

I have a Service site that works as SAML SP (the federated site), and I also have a Gluu Server as SAML IDP. Users log in to the Service site through Gluu Server. I set a frontchannel logout URI in Gluu Server to the Service site's logout URL, and I provide the logout URL 'https://<Gluu Server Hostname>/idp/logout.jsp' from the Service site, and it works well. (Users can log out from both Gluu Server and the Service site.)

But the problem is that users can access Gluu Server itself to edit their profile. When users log out from Gluu Server itself, they'll use the logout button on Gluu Server's main page, and the button's URL is 'https://<Gluu Server Hostname>/identity/logout'. This URL ('https://<Gluu Server Hostname>/identity/logout') works only with the Gluu Server, not with the frontchannel logout URI (the Service site's logout URL).

Actually, I'm not sure that the frontchannel logout feature applies to SAML, because the frontchannel logout feature belongs to OpenID Connect, not SAML. I followed 'https://gluu.org/docs/ce/3.1.1/operation/logout/'

By Mohib Zico staff 01 Nov 2017 at 6:22 a.m. CDT

>> This url ('https://<Gluu Server Hostname>/identity/logout') works only with the Gluu Server not frontchannel logout uri (Service site's logout url).

`/identity/logout/` won't work for the SP's logout; it's only the logout of Gluu Server's `oxTrust` component. What you are using for Shib logout from the SP, `/idp/logout`, is the proper one for logging out from any SP. I think you might have two options...

- Whenever a user logs out from Gluu oxTrust through `/identity/logout`, there is a page showing "You are logged out". You can add something like "Close the browser for complete logout" there, so the user will close the browser.
- Or use OpenID Connect in total. OpenID Connect has front-channel / back-channel features.