SAML SLO with cookie provider domain

Question asked by Suhas.Kulkarni on Mar 5, 2019

Hi All

We have deployed CA SSO with SAML2 in our organization. We have also deployed an SLO solution. This achieves logout by clearing all SP sessions and then clearing the CA SSO SMSESSION cookie.

Now, we are in the process of implementing a cookie provider domain. As this solution creates a master cookie and a local cookie, there are two SMSESSIONs created. However, during SLO, only the local domain SMSESSION is cleared. This leaves the master cookie domain SMSESSION cookie intact, thus the logout process is not complete.

The solution that I have thought of is as follows (yet to be tested): create a custom JSP page for SLO, which will first call common-logout to clear the master cookie and then continue the SAML SLO function as is. So provide the SAML SPs the URL of this JSP page as the SLO URL (instead of the default saml2slo URL).

Was wondering if there is any easier solution than the above?

Thanks for the help
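
A check for the gap described in the question, as an added example that is not part of the original post: it reads the Set-Cookie headers captured along a logout redirect chain and reports which cookie domains still hold a live SMSESSION. The host and domain names, the sample captures and the `LOGGEDOFF` marker value are assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

LOGGED_OFF_VALUES = {"", "LOGGEDOFF"}  # assumption: marker value the agent writes on logout

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in rest)}
    return name.strip(), value.strip(), attrs

def is_cleared(value, attrs, now):
    """Cleared means blanked, marked logged off, or already expired."""
    if value in LOGGED_OFF_VALUES:
        return True
    try:
        if "max-age" in attrs:  # Max-Age takes precedence over Expires
            return int(attrs["max-age"]) <= 0
        if "expires" in attrs:
            return parsedate_to_datetime(attrs["expires"]) <= now
    except (TypeError, ValueError):
        pass  # unparseable attribute: treat the cookie as still live
    return False

def uncleared_domains(responses, expected_domains, cookie="SMSESSION", now=None):
    """responses: (request_host, [Set-Cookie header, ...]) pairs in redirect order."""
    now = now or datetime.now(timezone.utc)
    state = {d.lstrip(".").lower(): False for d in expected_domains}
    for host, headers in responses:
        for header in headers:
            name, value, attrs = parse_set_cookie(header)
            domain = attrs.get("domain", host).lstrip(".").lower()  # no Domain: host-only
            if name == cookie and domain in state:
                state[domain] = is_cleared(value, attrs, now)  # last write wins
    return sorted(d for d, cleared in state.items() if not cleared)

# Constructed sample captures; all host and domain names are hypothetical.
DOMAINS = [".local.example", ".master.example"]
SLO_ONLY = [("sp.local.example", ["SMSESSION=LOGGEDOFF; Domain=.local.example; Path=/"])]
COMMON_LOGOUT_THEN_SLO = [
    ("sso.master.example", ["SMSESSION=; Domain=.master.example; Path=/; Max-Age=0"]),
    *SLO_ONLY,
]

if __name__ == "__main__":
    print("SLO only, still live:", uncleared_domains(SLO_ONLY, DOMAINS))
    print("common logout then SLO, still live:", uncleared_domains(COMMON_LOGOUT_THEN_SLO, DOMAINS))
```

An empty result means every listed domain received a clearing Set-Cookie; a domain that never appears in the chain is reported as still live.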