# Logout of SAML

**POST /_security/saml/logout**

Submits a request to invalidate an access token and refresh token.

NOTE: This API is intended for use by custom web applications other than Kibana. If you are using Kibana, refer to the documentation for configuring SAML single-sign-on on the Elastic Stack.

This API invalidates the tokens that were generated for a user by the SAML authenticate API. If the SAML realm in Elasticsearch is configured accordingly and the SAML IdP supports this, the Elasticsearch response contains a URL to redirect the user to the IdP that contains a SAML logout request (starting an SP-initiated SAML Single Logout).

[More about SAML authentication](https://www.elastic.co/docs/deploy-manage/users-roles/cluster-or-deployment-auth/saml)

## Servers

- http://api.example.com

## Authentication methods

- Api key auth
- Basic auth
- Bearer auth

## Parameters

### Body: application/json (object)

- **token** (string)
  The access token that was returned as a response to calling the SAML authenticate API. Alternatively, the most recent token that was received after refreshing the original one by using a `refresh_token`.
- **refresh_token** (string)
  The refresh token that was returned as a response to calling the SAML authenticate API. Alternatively, the most recent refresh token that was received after refreshing the original access token.

## Responses

### 200

#### Body: application/json (object)

- **redirect** (string)
  A URL that contains a SAML logout request as a parameter. You can use this URL to be redirected back to the SAML IdP and to initiate Single Logout.
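
A logout handler for a custom web application built on this endpoint, as an added example that is not part of the original documentation. `IDP_HOST`, `LOCAL_LOGGED_OUT`, the `session` dictionary layout and the API key are assumptions; the handler sends both tokens, falls back to a local page when the response carries no `redirect`, and follows the URL only when it points at the expected IdP over HTTPS.

```python
import json
import urllib.request
from urllib.parse import urlsplit

ES_URL = "http://api.example.com"   # placeholder server listed on this page
IDP_HOST = "idp.example.org"        # assumption: hostname of your SAML IdP
LOCAL_LOGGED_OUT = "/logged-out"    # assumption: the app's own landing page


def http_post_json(url, body, api_key):
    """Default transport: POST a JSON body using the app's own API key."""
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"ApiKey {api_key}"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read() or b"{}")


def saml_logout(session, api_key, post=http_post_json):
    """Invalidate the user's tokens; return where to send the browser next."""
    body = {"token": session["access_token"],
            "refresh_token": session["refresh_token"]}
    # If this call raises, the session is left intact so the caller can retry:
    # the tokens are still valid on the Elasticsearch side at that point.
    result = post(f"{ES_URL}/_security/saml/logout", body, api_key)
    session.clear()  # tokens are invalid now; drop the local copies too
    redirect = result.get("redirect")
    if not redirect:
        return LOCAL_LOGGED_OUT   # realm or IdP without Single Logout
    parts = urlsplit(redirect)
    if parts.scheme != "https" or parts.hostname != IDP_HOST:
        return LOCAL_LOGGED_OUT   # unexpected target: do not follow it
    return redirect
```

The `post` parameter exists so the handler can be exercised without a cluster; in the application, the returned value is what goes into the HTTP redirect sent to the user's browser.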