From cc2215d0a2c3ae678184156661aa3b2229ab4c09 Mon Sep 17 00:00:00 2001
From: Chris Barth <chrisjbarth@hotmail.com>
Date: Tue, 30 May 2023 10:14:29 -0400
Subject: [PATCH] Clarify SLO support in `passport-saml`

---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index dcf59316..1b5625af 100644
--- a/README.md
+++ b/README.md
@@ -393,9 +393,11 @@ Passport-SAML has built in support for SLO including
 - Decryption of encrypted name identifiers in IdP initiated logout
 - `Redirect` and `POST` SAML Protocol Bindings
 
+Note: Fully functional IdP initiated SLO support is not provided out of the box. You have to inspect your use cases / implementation / deployment scenarios (location of IdP in respect to SP) and consider things / cases listed e.g. at issue(s) [#221](https://github.com/node-saml/passport-saml/issues/221) and [#419](https://github.com/node-saml/passport-saml/issues/419). Library provides you a mechanism to veto "Success" result but it does not provide hooks/interfaces to implement support for IdP initiated SLO which would work under all circumstances. You have to do it yourself.
+
 ## ChangeLog
 
-See [Releases](https://github.com/node-saml/passport-saml/releases) to find the changes that go into each release.
+See [Releases](https://github.com/node-saml/passport-saml/releases) to find the changes that go into each release. Additionally, see the [CHANGELOG](./CHANGELOG.md).
 
 ## FAQ