Layer7 Access Management

Expand all | Collapse all

Flow of logout in SLO

  • 1.  Flow of logout in SLO

    Posted 07-05-2017 11:28 PM

    Hi , We are federating with salesforce and running into a wierd issue with SLO. We are using SAML2  HTTP Post binding for SSO, persistent session are enabled and working fine for other apps along with SalesForce. When we implemented SSO, we are having an issue only with SLO feature of SalesForce federation, and the issue happens only 40-50% of the time. SLO is enabled with HTTP-Redirect.

     

    Flow when the request is successful:

     

    • When user clickes on logout.jsp in salesforce,
    • salesforce completes its share of session removal and
    • then redirects user to https://fedsps.com/affwebservices/saml2slo, 
    • the subsequently user gets redirected to salesforce.com?SAMLRequest=something, and then finally to SLO Confirm/Location URL configured with in SM.

     

    Unsuccessful scenario:

     

    It is happening on both of my SPS servers and consistently, fails 50% of the time.

     

    Can anyone assist me what could be happening here? and some explanation on the flow of how SLO  works.

     

    Thanks in advance.



  • 2.  Re: Flow of logout in SLO

    Posted 07-06-2017 06:48 AM
    Hi SamWalker,
    I don't find problem related to proxyui.htm from our knowledge base,
    and I doubt the page is in /affwebservices/proxyui.htm. Could you
    check if the page is there ? Where did you configured the proxyui.htm
    ? Could you share with us the Fiddler traces from the issue
    reproduction ? To investigate deeper, I'll suggest you to open a
    Support Case as this thread might not be the better options as it need
    configuration review.
    Best Regards,
    Patrick