Symantec Access Management

Hi,

Using code we are invalidating the session. In Logoffuri we have given the URI as /abc/ig/Logout

Once the user logged into the application he is able to logout from the application successfully and it redirects to login page again. Code logic is once the user seesion is null it has to redirect to /abc/ig

In Siteminder console /abc is protected so it takes to the login page.

From Application,logic and siteminder perspection logout is working fine.

But when we hit the /abc/ig/Logout in the browser with the FQDN it throws 404 page. For ex: https://xyz.com/abc/ig/Logout

Since we protected the realm as /abc/ it should protect the https://xyz.com/abc/ig/Logout  right?

Other URLs are protected fine. For ex: https://xyz.com/abc/ig/Log takes to the login page correctly.

Please advise.

It could be basic question but i would like to clarify in this forum.

Thanks in advance.@

Ok , here is what my understanding is :

1. Realm resource fitler - /abc/ protected.
2. LogOffUri -  /abc/ig/Logout

Now, you get 404 on accessing LogOffUri (/abc/ig/Logout) without having any existing session.

This is expected. 

Reason is , any URI specified in LogOffUri is UNPROTECTED.

This is determined by web agent by matching the Request URI with the LogOffUri.

It doesn't even need to validate this against Policy server. 

Hi Ujwol,

Thanks for your valuable reply.

Thread Unable to protect the logout page.  provides the same message.

I could have searched the forums this clearly.

Thanks much for your valuable reply.

Thanks,

Karthick