Anonymous_User Absent Member.
Absent Member.
712 views

SSPR Logout URL


Hi;
I have configured SSPR in Access Manager.
I used SSPR URL in an other application and when i change the password
throw SSPR >> the logout don't work
I wander to know what's the URL can i use to logout into SSPR to log the
users out the identity server and identity provider when password is
changed.

Thank's


--
falimrina
------------------------------------------------------------------------
falimrina's Profile: https://forums.netiq.com/member.php?userid=7217
View this thread: https://forums.netiq.com/showthread.php?t=51825

0 Likes
8 Replies
Anonymous_User Absent Member.
Absent Member.

Re: SSPR Logout URL


falimrina;249137 Wrote:
> Hi;
> I have configured SSPR in Access Manager.
> I used SSPR URL in an other application and when i change the password
> throw SSPR >> the logout don't work
> I wander to know what's the URL can i use to logout into SSPR to log the
> users out the identity server and identity provider when password is
> changed.
>
> Thank's


Assuming I understood correctly, that when someone logs out of SSPR you
also want their NAM session logged out?

The information is in the docs (well, WHERE to put the setting anyway:
http://tinyurl.com/nzgtdrs

You would use the Logout URL setting and put:
/AGLogout

if you wanted to logout of the NAM IDS session

--Kevin


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=51825

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSPR Logout URL


Yes i want also to close their NAM session;
I have configured the /AGLogout in SSPR logout URL;>> when we used SSPR
with NAM the logout work fine
The problem is: >> when i use the SSPR URL with an other application,
the logout in NAM session don't work.
So my question is there an other NAM logout URL that can i used to
logout directly?

Thank's


--
falimrina
------------------------------------------------------------------------
falimrina's Profile: https://forums.netiq.com/member.php?userid=7217
View this thread: https://forums.netiq.com/showthread.php?t=51825

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSPR Logout URL


falimrina;249198 Wrote:
> Yes i want also to close their NAM session;
> I have configured the /AGLogout in SSPR logout URL;>> when we used SSPR
> with NAM the logout work fine
> The problem is: >> when i use the SSPR URL with an other application,
> the logout in NAM session don't work.
> So my question is there an other NAM logout URL that can i used to
> logout directly?
>
> Thank's


I guess I'm not understanding by what you mean when you say:

> The problem is: >> when i use the SSPR URL with an other application,
> the logout in NAM session don't work.


If NAM is front-ending the SSPR server and your other app is using the
published DNS name/URL of SSPR, then logging out of SSPR should always
log you out of NAM

Or are you possibly using the REST services of SSPR for your app? (I
think there's REST services you can call for SSPR).

/AGLogout is the universal logout URL of NAM
Any proxy that you setup in NAM can be used with a /AGLogout at the end,
and it will log you out of all the IDS sessions.

So if you have 3 proxies in your AG setup:
mail.something.com
app1.something.com
sspr.something.com

You can use:
mail.something.com/AGLogout
app1.something.com/AGLogout
sspr.something.com/AGLogout

I usually choose the FIRST proxy that was created, since it's also your
ESP.


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=51825

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSPR Logout URL


kjhurni;249207 Wrote:
> I guess I'm not understanding by what you mean when you say:
>
>
>
> If NAM is front-ending the SSPR server and your other app is using the
> published DNS name/URL of SSPR, then logging out of SSPR should always
> log you out of NAM
>
> Or are you possibly using the REST services of SSPR for your app? (I
> think there's REST services you can call for SSPR).
>
> /AGLogout is the universal logout URL of NAM
> Any proxy that you setup in NAM can be used with a /AGLogout at the end,
> and it will log you out of all the IDS sessions.
>
> So if you have 3 proxies in your AG setup:
> mail.something.com
> app1.something.com
> sspr.something.com
>
> You can use:
> mail.something.com/AGLogout
> app1.something.com/AGLogout
> sspr.something.com/AGLogout
>
> I usually choose the FIRST proxy that was created, since it's also your
> ESP.

Thank's for response, i have 2 proxies in my AG setup,
SSPR is configured in the second AG i setup SSPR logout URL to
"iam.services.com/AGLogout" >> SSPR is configured in this proxy
"iam.services.com"
The Logout work fine when we used SSPR throw identity service; the
problem is that When the SSPR is used in an other application the logout
doesn't work.
I think that the problem was in the application used with SSPR;
I will verify this.


--
falimrina
------------------------------------------------------------------------
falimrina's Profile: https://forums.netiq.com/member.php?userid=7217
View this thread: https://forums.netiq.com/showthread.php?t=51825

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSPR Logout URL


falimrina;249284 Wrote:
> Thank's for response, i have 2 proxies in my AG setup,
> SSPR is configured in the second AG i setup SSPR logout URL to
> "iam.services.com/AGLogout" >> SSPR is configured in this proxy
> "iam.services.com"
> The Logout work fine when we used SSPR throw identity service; the
> problem is that When the SSPR is used in an other application the logout
> doesn't work.
> I think that the problem was in the application used with SSPR;
> I will verify this.


I note that we used a service provider.
We used SSPR with an application based on service provider, we have
configured SSPR logout URL to be global logout URL of NAM /AGLogout;
when we make changePassword throx SSPR the logout doesn't work.
When we changePaswword throw SSPR whthout the using the application the
logout work fine.
So i wander to know why the AGLogout URL of NAM, don't work when using a
service provider.
Thank's


--
falimrina
------------------------------------------------------------------------
falimrina's Profile: https://forums.netiq.com/member.php?userid=7217
View this thread: https://forums.netiq.com/showthread.php?t=51825

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSPR Logout URL


falimrina;249319 Wrote:
> I note that we used a service provider.
> We used SSPR with an application based on service provider, we have
> configured SSPR logout URL to be global logout URL of NAM /AGLogout;
> when we make changePassword throx SSPR the logout doesn't work.
> When we changePaswword throw SSPR whthout the using the application the
> logout work fine.
> So i wander to know why the AGLogout URL of NAM, don't work when using a
> service provider.
> Thank's


Have you tried changing the SSPR logout to be just:
/AGLogout

That's what we put in there, so it doesn't depend upon the DNS name

If you're calling the REST/SOAP services, I don't think this triggers
the logout URL's, but I could be wrong. Typically when you call the
services from another app you are specifically telling the other
application to ONLY use that "service" and not the full interface.


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=51825

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSPR Logout URL


kjhurni;249328 Wrote:
> Have you tried changing the SSPR logout to be just:
> /AGLogout
>
> That's what we put in there, so it doesn't depend upon the DNS name
>
> If you're calling the REST/SOAP services, I don't think this triggers
> the logout URL's, but I could be wrong. Typically when you call the
> services from another app you are specifically telling the other
> application to ONLY use that "service" and not the full interface.


I am using an application based en SAML (SAML service provider), in this
application i am calling SSPR service.
So it seems that SSPR doesn't work a service SAMl.
Now when iam calling SSPR in this application and made change password,
i wonder to log out the user of Identity server and service provider.
I precise that SSPR logout URL is configured to be /AGLogout.

Thank's


--
falimrina
------------------------------------------------------------------------
falimrina's Profile: https://forums.netiq.com/member.php?userid=7217
View this thread: https://forums.netiq.com/showthread.php?t=51825

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSPR Logout URL


falimrina;249526 Wrote:
> I am using an application based en SAML (SAML service provider), in this
> application i am calling SSPR service.
> So it seems that SSPR doesn't work a service SAMl.
> Now when iam calling SSPR in this application and made change password,
> i wonder to log out the user of Identity server and service provider.
> I precise that SSPR logout URL is configured to be /AGLogout.
>
> Thank's

I am using an application based en SAML (SAML service provider), in this
application i am calling SSPR service.
1- users could login to the IDP server and get SSO to a remote SAML2
Service Provider (SP).
2- once user is loging it is redircted to a page that containt SSPR
URL.
3- when iam calling SSPR in this application and made change password,
at the end of this operation the logout doesn't work.
I precise that SSPR logout URL is configured to be /AGLogout.

Thank's


--
falimrina
------------------------------------------------------------------------
falimrina's Profile: https://forums.netiq.com/member.php?userid=7217
View this thread: https://forums.netiq.com/showthread.php?t=51825

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.