Symantec Access Management

  • 1.  Implementing SP and IDP initiated SLO

    Posted Aug 30, 2019 03:45 PM
    Edited by Deactivated User Sep 02, 2019 08:08 AM
    Hello All,

    I have never implemented SLO in a Federation partnership and hence would like some guidance for IDP- and SP-initiated SLO. In this scenario, we are acting as the IDP and want to invalidate the SMSESSION. Is there any other way to invalidate the SMSESSION on the browser?

    I tried implementing SLO, i.e. configuring SLO Binding to HTTP-Redirect and then SLO Service Location URL as https://IDP//affwebservices/public/saml2slo , SLO Confirm URL as https/SP/Logout.html and also SLO Service URL as https://IDP//affwebservices/public/saml2slo .

    When I create an SMSESSION in the browser and access the SLO URL https://IDP//affwebservices/public/saml2slo in the same browser, I get the error below in the logs:

    [07:19:29][49564][48495472][1f814793-085bb6de-90869a60-51f8b924-d07c3e76-e7a][SLOService.java][doGet][Transaction with ID: 1f814793-085bb6de-90869a60-51f8b924-d07c3e76-e7a failed. Reason: SLO_GET_EXCEPTION]

    {07:19:29][49564][48495472][1f814793-085bb6de-90869a60-51f8b924-d07c3e76-e7a][SLOService.java][doGet][Exception caught in class com.netegrity.affiliateminder.webservices.saml2.SLOService, method doGet: java.lang.NullPointerException

    Can you please guide me on where I am going wrong, or give any pointers to documents which I can refer to?

    Thank You
    Ankur


  • 2.  RE: Implementing SP and IDP initiated SLO
    Best Answer

    Broadcom Employee
    Posted Sep 06, 2019 02:54 AM
    Hi Ankur,

    To implement SLO in Federation, you need a Session Store and your
    realms configured as persistent.

    At first glance, I'd recommend that you read the SLO documentation for
    Federation.

    Logging Out of User Sessions
    https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/partnership-federation/logging-out-of-user-sessions

    I hope this helps,

    Best Regards,
    Patrick