Hi Wasfi,
I actually tested with the ENT agent, running inside a location that is defined as Explicit Proxy with the Agent active, but I did not configure the client explicitly so it just used the agent. After I pushed the CPL above into my UPE tenant and I visited the URL, I could the SAML authN and redirect to my IDP (MSFT's login. icrosoftonline.com) which I did not see before.
regards,
jan
Original Message:
Sent: Jun 14, 2024 04:27 AM
From: Jan Turba
Subject: How do you flush the surrogate credentials cache?
Hi Wasfi,
I got your email, thank you. I tested option 2 and it works with UPE tenant. Btw I am not sure where the "</proxy>" came from. The CPL is just:
<proxy "User logout">
url="http://company.com/log_out.html" user.login.log_out(yes)
-Jan
Original Message:
Sent: Jun 10, 2024 10:50 AM
From: Jan Turba
Subject: How do you flush the surrogate credentials cache?
Hi Wasfi,
There are multiple ways to achieve this.
- Use the adv URL of proxy of https://proxy:8082/Auth/IP-Logins/Logout/Realm/{your realm name}/user/{your domain}/%5C{your username}/Ip/{your client IP}. You can curl this or MC script it.
- Use the CPL option. You can write a policy that says that if the user hits a website of your choice, it gets logged out on the proxy.
<proxy "Log out rule">
<proxy> url="http://company.com/log_out.html" user.login.log_out(yes)</proxy>
For the first method you need to know the WSS client IP and the user to complete the URL. For the CPL policy option the client IP does not matter. Anybody that hits the URL gets logged out.
-jan
Original Message:
Sent: Jun 06, 2024 07:36 PM
From: Wasfi Bounni
Subject: How do you flush the surrogate credentials cache?
Hi;
Is there a way to flush the surrogate credentials cache (cookie or IP) . I am particularly interested in doing that for connection made with WSS agent.
Kindly
Wasfi