Forum Discussion
Eric_Raff_11012
Nimbostratus
NimbostratusSharePoint and SAML Single Log Out
I have an APM Policy doing SAML authN client side (APM is the SAML service provider) and Kerberos AuthN server side. All working well there. Dealing with Single Log Out and I want both the APM sessio...
Eric_Raff_11012Nimbostratus
NimbostratusHmm, it does not like the ACCESS:: commands as part of the HTTP_REQUEST. I get this error?: [command is not valid in current event context (HTTP_REQUEST)][ACCESS::respond 302 Location "https://[HTTP::host]" "Set-Cookie" "MRHSession=0; expires=Tuesday, 29-Mar-1970 00:15:00 GMT" "Connection" "Close"] Will look around to see what I can find. I get your suggesting to use the APM ACCESS:: commands to kill the session then redirect. Thanks
Eric_Raff_11012Nimbostratus
NimbostratusRight HTTP::respond worked but still have a couple issues. 1) it is not performing SAML Single Log Out, and as a result when I get the APM session killed, and 2) when I get redirected back to the HTTP::host, APM initiates a new SAML request and the IdP still has a session for me so it does not appear as the user was ever logged out as indeed they were not logged out from the IdP. That is what I like about the redirect to /my.logout.php3 that piece took care of the SAML Logout for me. So it is not quite as simple as killing the APM session then redirecting to the desired HOST in my use case. Need to have the SAML Single Log Out piece in there as well. Need a Redirect to /my.logout.php3 and then another redirect to the initial host somehow.
Thanks