Configuration >> SAML Sessions

The SAML Sessions page displays a table of users currently authenticated via SAML.


SAML Session Table

The table includes:

  • Username
  • Client IP
  • User Agent
  • Group Membership
  • Last Activity Timestamp
  • SAML Session Expiration Timestamp

Filters

Above the session table, various filters can be applied to help find user sessions of interest.

Each session entry offers a contextual menu to manually terminate an individual session.

  • To terminate a single session, hover over the record, click on the contextual menu, and then click on Delete Session.
  • To terminate ALL sessions, use the Clear User Sessions button on the ICAP Configuration page.

Self-service Logout Page

Shield provides a self-service logout page that end users can visit through the proxy to end their own SAML session — without requiring administrator intervention.

When a user navigates to the configured Self-service Logout URL (default: https://nullafi.com/icap/logout), Shield intercepts the request at the ICAP layer and serves a logout page directly. The page displays the user's current session details:

  • Username
  • IP Address
  • Group Membership
  • Last Active timestamp
  • Session Expiry timestamp

Clicking Log me out invalidates the session immediately. If no active session exists for the request, the page displays a "No active session" message instead.

The logout URL can be customized in ICAP Configuration → Security → Self-service Logout URL. It must be an HTTPS address. Changing this URL takes effect immediately without a restart.

Note: The self-service logout page is only available when SAML Authentication is enabled.