CA Security Tuesday Tip: CA Single Sign-On - Logout is randomly not working using AgentAPI

Discussion created by Julien_Nitot Employee on Apr 22, 2015



When using a custom agent sometime the logout is not working when using a load balancer between agent and policy server



Because the Logout is using both ClientIP and Session Id you need to make sure that the ClientIP that is used for logout is the same as the one that was used to initiate the Login. If it is not the same the logout will fail. It can happen in an environment with a loadbalancing between Custom Agent and Policy Server that the client IP change.

reference : SDK guide.


https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/programming-reference/legacy-sm-java-sdk/netegrity/siteminder/javaagent/AgentAPI.html#logout(java.lang.String, netegrity.siteminder.javaagent.SessionDef)



public int logout(java.lang.String clientIPAddr,  SessionDef sd)

Logs a user out of a user session and issues an event. No database is updated.

To terminate the session, you must discard the session specification after logging out the user. To do so, set the SessionDef object to null-- for example:
 result = aa.logout(clientIPAddr, sd);  if (result == YES)  sd = null;
Use this method for logout of all users and administrators except for SiteMinder administrators. For logout of SiteMinder administrators, use logout() in class SmApiSessionof the Utilities package.


clientIPAddr - (Optional) The client IP address.
sd - The current session.
transactionId - (Optional) The client-side transaction Id.
One of these values:
  • YES. The user logged out successfully.
  • NO. The user was not logged out.
  • NOCONNECTION. The object was not connected.
  • TIMEOUT. The method timed out.
  • FAILURE. The operation failed.
  • INVALID_SESSIONDEF. The Session Definition is invalid.