Symantec Access Management

 View Only
  • 1.  Issues on SiteMinder logout functionality

    Posted Sep 12, 2019 02:38 AM
    Hi Team,

    We are facing lot of issues like sessions are not clearing after logout...

    Eg...User A logs into App A which is in ABC.com domain which is a portal application for all others apps and also it is a cookie provider domain and after logging in to App A he clicks App B which is in XYZ.com domain and again he comes back to home screen of App A and logs out from there...

    And in the same browser User B logs into App A and clicks same App B and again he comes back to home screen of App A but now he sees the User A's response...

    Here we have the logout.html placed under /webagent/samples/forms/logout.html and this html has the meta tags to clear the cahches.
    And also I have added this /siteminderagent/forms/logout.html in the logoffuri.

    But still this issue is reoccurring... 

    Could you please help me in resolving this issue?

    Thanks,
    Karthik


  • 2.  RE: Issues on SiteMinder logout functionality
    Best Answer

    Broadcom Employee
    Posted Sep 12, 2019 10:27 PM

    Hi Karthik,

    You need to configure the logout.html page so that it loads the LogoffURI for each of the cookie domains for which the user may have a session.  This is described in the Comprehensive Logout chapter of the documentation:

    https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/web-agent-configuration/comprehensive-log-out

    How to Configure Full Logoff for Single Sign-on

    In a single sign-on environment, the session cookies are removed only from the local cookie domain and the cookie provider domain associated with the Web Agent. For single sign-on across multiple cookie domains, the full log-off feature of CA Single Sign-On does not automatically log a user off across all the cookie domains that the user has visited.

    To configure log-offs across multiple cookie domains, use the following process:

    1. Create one centralized log-off page that contains separate frames (or iframes) for the other cookie domains in your SSO environment. These frames can be a small size, such as 1x1 pixels.
    2. For each frame of the centralized log-off page in Step one, add a hyperlink to the Logoff Uri of the associated cookie domain. For example, if you have two other cookie domains, example.org and example.net, you would do the following steps:
      • Add a hyperlink to the Logoff Uri of example.org to one frame.
      • Add a hyperlink to the Logoff Uri of example.net to the other frame.
    3. Configure the LogoffUri of the cookie provider domain to point to the centralized log-off page. When the web server loads this log off page, the frames in the centralized log-off page call the logoff pages from the other cookie domains. The user is logged off from all the cookie domains at once.

    Regards,
    Pete
    Broadcom Layer 7 Siteminder Support


  • 3.  RE: Issues on SiteMinder logout functionality

    Posted Sep 12, 2019 10:55 PM
    Hi Pete,

    Thanks much for your response.

    Actually xyz.com domain application logout url is pointed to abc.com domain logout...the url will be like https://ABC.com/siteminderagent/forms/logout.html...so how do you want me to set the logout here.?