SingleLogout is a SAML feature that is the opposite of Single Sign-on. It allows a user to log out of the current application and the federated SAML session at the same time.

In some cases, companies that have implemented SAML 2.0 between ServiceNow and their federation system do not want to enable SingleLogout on their instance.

SingleLogout can be handy, or it can be a pain, especially if you log out of ServiceNow and then open another authenticated federated app only to find that you have to log back in to your federation service.

There are several different options for companies that decide not to implement SingleLogout. This post, however, will focus on the following goal:

When the user clicks the Logout button in ServiceNow, it logs the user out of ServiceNow and closes that window.

Implementation

Step 1: Create a UI page that closes the current window

The key part of the HTML here is the following JavaScript:

  <script type="text/javascript">
    window.open('', '_self', '');
    window.close();
  </script>

Step 2: Make the UI Page public

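We’ll need to be able to access this page without being authenticated. A public page is served to anyone who can reach the instance, so keep its content limited to the window-closing script. To make the page public, browse to the following URL on your instance: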

https://myinstance.service-now.com/sys_public_list.do

Create a new record and set the “Page” field to the value of the name field on the UI Page.

Step 3: Set the SingleLogoutRequest URL to your “Close Window” page

Browse to your SAML 2.0 Properties page and modify the property as seen below:

Result

Now, when the user clicks the “Logout” button, their local session will be terminated and they will then be redirected to the “close_window.do” page and the window/tab will be automatically closed.
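
The script from Step 1 assumes the browser lets the page close itself, but current browsers may refuse window.close() for a tab that was not opened by script, which leaves the user on a blank page while the federated session is still active. The following is an added example, not part of the original post, that makes the same close attempt and falls back to a notice; the function name closeOrNotify and the message wording are assumptions.

```javascript
// Added example: closeOrNotify and the message wording are hypothetical.
// Attempts the close from Step 1, then reports whether the browser allowed it.
function closeOrNotify(win, doc) {
  win.open('', '_self', ''); // same call as the original snippet
  win.close();

  // `closed` becomes true as soon as the browser accepts close().
  if (win.closed) {
    return 'closed';
  }

  // The browser refused to close the tab. Do not leave a blank page:
  // the ServiceNow session is gone, but the federated session is not.
  const note = doc.createElement('p');
  note.textContent =
    'You are logged out of ServiceNow, but your single sign-on session ' +
    'is still active. Sign out of your identity provider to end it, ' +
    'then close this window.';
  doc.body.appendChild(note);
  return 'notified';
}

// Run only in a browser, and only once <body> exists.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  if (document.readyState === 'loading') {
    document.addEventListener('DOMContentLoaded', function () {
      closeOrNotify(window, document);
    });
  } else {
    closeOrNotify(window, document);
  }
}
```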