Symantec Access Management


Single logout in Siteminder SSO

  • 1.  Single logout in Siteminder SSO

    Posted 06-10-2015 02:20 AM

    Hi,

     

    We have configured single sign-on and single logout for 3 applications in the same domain.

    SSO is working fine, but we are facing an issue with single logout.

     

    SLO configuration:

     

    We have created a centralized logout page and added this page's URL to each application's logout link.

    In the ACO, the LogOffUri parameter is enabled with the central logout page (/logout/logout.html).

     

    Application authentication procedure:

    The applications have second-factor authentication (OTP):

    Once the user hits the URL, the SiteMinder FCC page appears (configured HTML auth scheme).

    The user submits credentials on the FCC page.

    The application redirects the user to the OTP page based on a header value sent by SiteMinder.

    The user enters the OTP, and the application displays the home page.

     

    Issue we are facing in SLO:

     

    1. I entered the app1 URL. The FCC page was displayed.

    2. I entered valid credentials; the application redirected me to the OTP page.

    3. I entered a valid OTP. The app1 home page was displayed.

    4. In a new tab, I entered the app2 URL.

    5. I was taken to the OTP page, entered the OTP, and the home page was displayed.

     

    SLO:

     

    6. I clicked on the logout link in app1.

    7. The SiteMinder session is set to logoff and the application session is killed.

    8. Now I tried to access other links in app2; since the SM session is logged off, the SiteMinder FCC page appeared.

    9. I entered credentials in the app2 FCC page; now the application displayed the page which I was accessing in app2 before logout, instead of the OTP page, since the previous application session for app2 still exists.

     

     

    Please let me know how we can kill the application cookie in the browser.

     

     

    Environment details:

     

    Policy server: 12.52 cr01

    Web agent: 12.52.0.142

     

     

    Regards,

    Haranadh



  • 2.  Re: Single logout in Siteminder SSO

    Posted 06-10-2015 07:56 AM

    Add something like this to your logout page.

     

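    <%
    ' Overwrite the application cookie and give it an expiry date in the past.
    ' Domain and Path must match the values the cookie was originally set with.
    Response.Cookies("Application Cookie")="DELETED"
    Response.Cookies("Application Cookie").Expires="May 10, 2001"
    Response.Cookies("Application Cookie").Domain=".company.com"
    Response.Cookies("Application Cookie").Path="/"
    %>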



  • 3.  Re: Single logout in Siteminder SSO

    Posted 06-11-2015 01:27 AM

    Thanks for the reply, Mike.

    Is this script for ASP.NET?

    My logout page is a simple HTML page. I tried this script, but I am facing a problem with executing the script.

     

    Regards,

    Haranadh



  • 4.  Re: Single logout in Siteminder SSO

    Posted 06-11-2015 11:02 AM

    It's VBScript and probably needs to run on an IIS server.

     

    There is likely a way to do the same thing using another method.



  • 5.  Re: Single logout in Siteminder SSO

    Posted 06-12-2015 12:48 AM

    Mike,

    Using JavaScript we cannot delete secure cookies [with the parameter "Accessible to script" set to No (HttpOnly)].

     

    I fixed this issue using iframes.

     

    Thanks for your info.
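
Added example, not part of the original posts: one way the iframe approach from the last reply can work, assuming each application exposes its own logout URL (the `/appN/logout` paths, the cookie name `APP2SESSION` and `destroySession` are hypothetical). The central logout page loads each URL in a hidden iframe, and each application expires its own HttpOnly cookie server-side with a Set-Cookie header, which script in the page cannot do.

```javascript
// Added example. Cookie name, logout paths and destroySession are assumptions.

// Build a Set-Cookie value that makes the browser drop a cookie. Name, Domain
// and Path must match the cookie as originally set, or the old one survives.
function expireCookie(name, { domain, path = "/", secure = true } = {}) {
  const parts = [
    `${name}=`,
    "Expires=Thu, 01 Jan 1970 00:00:00 GMT",
    "Max-Age=0",
    `Path=${path}`,
  ];
  if (domain) parts.push(`Domain=${domain}`);
  if (secure) parts.push("Secure");
  parts.push("HttpOnly");
  return parts.join("; ");
}

// Per-application logout endpoint, shaped like a Node http request handler.
// destroySession stands in for the application's own server-side teardown.
function makeAppLogoutHandler(cookieName, cookieOpts, destroySession) {
  return function (req, res) {
    destroySession(req); // invalidate server-side state first
    res.statusCode = 200;
    res.setHeader("Set-Cookie", expireCookie(cookieName, cookieOpts));
    res.setHeader("Cache-Control", "no-store");
    res.end("logged out");
  };
}

function escapeAttr(s) {
  return String(s).replace(/&/g, "&amp;").replace(/"/g, "&quot;")
    .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Central logout page: one hidden iframe per application logout URL,
// so each application gets a request on which it can expire its own cookie.
function buildLogoutPage(appLogoutUrls) {
  const frames = appLogoutUrls
    .map((u) => `<iframe src="${escapeAttr(u)}" hidden title="logout"></iframe>`)
    .join("\n");
  return `<!doctype html>\n<html><body>\n<p>Logged out.</p>\n${frames}\n</body></html>`;
}

// Constructed sample input (hypothetical paths).
const SAMPLE_APPS = ["/app1/logout", "/app2/logout", "/app3/logout"];
const SAMPLE_PAGE = buildLogoutPage(SAMPLE_APPS);
```

Each application's logout URL has to permit framing by the central logout page (no `X-Frame-Options: DENY` on that response), otherwise the iframe request is blocked from rendering and the approach should be verified per application.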