Layer 7 Access Management

Expand all | Collapse all

Implementing SP and IDP initiated SLO

Jump to Best Answer
  • 1.  Implementing SP and IDP initiated SLO

    Posted 08-30-2019 03:45 PM
    Edited by Ankur Taneja 09-02-2019 08:08 AM
    Hello All,

    I have never implemented SLO in Federation partnership and hence would like few guidance for IDP and SP initiated SLO. In this Scenario, we are acting as the IDP and want to invalidate the SMSESSION. Is there any other way to invalidate the SMSESSION on the browser?

    I tried implementing SLO, i.e. configuring SLO Binding to HTTP-Redirect and then SLO Service Location URL as https://IDP//affwebservices/public/saml2slo , SLO Confirm URL as https/SP/Logout.html and also SLO Service URL as https://IDP//affwebservices/public/saml2slo .

    When i create a SMSESSION on the browser and access the SLO URL https://IDP//affwebservices/public/saml2slo in the same browser, then i get the below error in logs: -

    [07:19:29][49564][48495472][1f814793-085bb6de-90869a60-51f8b924-d07c3e76-e7a][SLOService.java][doGet][Transaction with ID: 1f814793-085bb6de-90869a60-51f8b924-d07c3e76-e7a failed. Reason: SLO_GET_EXCEPTION]

    {07:19:29][49564][48495472][1f814793-085bb6de-90869a60-51f8b924-d07c3e76-e7a][SLOService.java][doGet][Exception caught in class com.netegrity.affiliateminder.webservices.saml2.SLOService, method doGet: java.lang.NullPointerException

    Can you please guide where i am wrong or any pointers to Documents which i can refer?

    Thank You
    Ankur


  • 2.  RE: Implementing SP and IDP initiated SLO
    Best Answer

    Posted 09-06-2019 02:54 AM
    Hi Ankur,

    To implement SLO in Federation, you need a Session Store and your
    realms configured as persistent.

    At first glance, I'd recommend you to read the SLO documentation for
    Federation.

    Logging Out of User Sessions
    https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/partnership-federation/logging-out-of-user-sessions

    I hope this helps,

    Best Regards,
    Patrick