Layer7 API Management

  • Private Community

  • 1.  Do we have CA Single Sign-on assertion to manage LogOff?

    Posted Feb 28, 2018 12:27 PM

    Hi All,

     

    I am aware there are API GW assertions to manage CA Single Sign-on Authenticate and Authorisation. 

     

    Do we have CA Single Sign-on assertion to manage LogOff? if not, do we have any possible ways to manager Siteminder LogOff calls from API GW?

     

    Thanks,

    Saravanan 



  • 2.  Re: Do we have CA Single Sign-on assertion to manage LogOff?

    Broadcom Employee
    Posted Mar 06, 2019 05:13 PM

    Saravanan,

     

    The assertion within the Gateway only supports authentication and authorization not logoff functionality. 

    Working with CA Single Sign-On - CA API Gateway - 9.3 - CA Technologies Documentation 

     

    Logout will need to be handled outside of the Gateway through a WebAgent.

     

    Sincerely,

     

    Stephen Hughes

    Broadcom Support



  • 3.  Re: Do we have CA Single Sign-on assertion to manage LogOff?
    Best Answer

    Broadcom Employee
    Posted Mar 07, 2019 10:29 AM

    Additional info:

    SSO Agent API has a number of calls/function that can be implemented

    APIM implemented only a few

    Protected assertion call isProtected()

    Authentication assertions calls login()

    Authorized assertions calls authorized()

     

    No assertion that calls logout()

     

    Logout sets the client SMSESSION cookie = LOGGEDOFF, but it also does a call back to the policy server for that session if session store is in play it will remove that sessionid from the store