AnsweredAssumed Answered

Flow of logout in SLO

Question asked by SamWalker on Jul 6, 2017
Latest reply on Jul 6, 2017 by Patrick-Dussault

Hi , We are federating with salesforce and running into a wierd issue with SLO. We are using SAML2  HTTP Post binding for SSO, persistent session are enabled and working fine for other apps along with SalesForce. When we implemented SSO, we are having an issue only with SLO feature of SalesForce federation, and the issue happens only 40-50% of the time. SLO is enabled with HTTP-Redirect.

 

Flow when the request is successful:

 

  • When user clickes on logout.jsp in salesforce,
  • salesforce completes its share of session removal and
  • then redirects user to https://fedsps.com/affwebservices/saml2slo, 
  • the subsequently user gets redirected to salesforce.com?SAMLRequest=something, and then finally to SLO Confirm/Location URL configured with in SM.

 

Unsuccessful scenario:

 

It is happening on both of my SPS servers and consistently, fails 50% of the time.

 

Can anyone assist me what could be happening here? and some explanation on the flow of how SLO  works.

 

Thanks in advance.

Outcomes