Layer7 Access Management

SAML SLO with cookie provider domain

  • 1.  SAML SLO with cookie provider domain

    Posted 03-05-2019 12:00 AM

    Hi All


    We have deployed CA SSO with SAML2 in our organization. We have also deployed SLO solution.  This achieves logout by clearing all SP sessions and then clearing CA SSO SMSESSION cookie.

    Now, we are in process to implement cookie provider domain. As this solution creates master cookie and local cookie, there are two SMSESSION's created. However during SLO, only the local domain SMSESSION is cleared. This leaves the master cookie domain SMSESSION cookie in tact, thus the logout process is not complete .

    The solution that I have thought is as follows (yet to be tested): create a custom jsp page for SLO, which will first call common-logout to clear master cookie and then continue SAML SLO function as is. So provide the SAML SP's the url fo this jsp page as SLO url (instead of default saml2slo url).

    Was wondering, if there is any easier solution than above?

    Thanks for the help