Anonymous_User Absent Member.
Absent Member.
509 views

SSPR logging out


Dear all,

I have configured SSPR 3.0 that uses Identity injection on http header
and Service Provider that uses SAML2.0 on my IDP (NAM 4.0).
I faced some troubles with SSPR logging out. Here are my scenarios :
- When i connect to SSPR then try to logout this work perfectly.
- When i i connect to my application then try to logout this work
perfectly.
- When i i connect to both SSPR and my application and try to logout
from the application this work perfectly and i'm logged out from both.
- When i i connect to both SSPR and my application and try to logout
from SSPR this doesn't work and the session is not closed.
I have the following error message : Error A request for logout could
not be completed.

Is there anybody who faces a similar case or who can help me on that.
Thank you.


--
bamira
------------------------------------------------------------------------
bamira's Profile: https://forums.netiq.com/member.php?userid=8512
View this thread: https://forums.netiq.com/showthread.php?t=52232

0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: SSPR logging out


bamira;251178 Wrote:
> Dear all,
>
> I have configured SSPR 3.0 that uses Identity injection on http header
> and Service Provider that uses SAML2.0 on my IDP (NAM 4.0).
> I faced some troubles with SSPR logging out. Here are my scenarios :
> - When i connect to SSPR then try to logout this work perfectly.
> - When i i connect to my application then try to logout this work
> perfectly.
> - When i i connect to both SSPR and my application and try to logout
> from the application this work perfectly and i'm logged out from both.
> - When i i connect to both SSPR and my application and try to logout
> from SSPR this doesn't work and the session is not closed.
> I have the following error message : Error A request for logout could
> not be completed.
>
> Is there anybody who faces a similar case or who can help me on that.
> Thank you.


I would think, but not sure, that even with SAML, the /AGLogout URL
should work. But it sounds like you're using some other application to
integrate with SSPR possibly via the REST calls?

Normally NAM -> SSPR is fairly straightforward, use the SSO as described
in the docs and configure the logout URL to be: /AGLogout if you want to
ensure that logging out of SSPR ends ALL your NAM sessions (just keep in
mind that it will do that).

But I'm not sure what other application you are using and how that may
affect things.

We only use SSPR for passwords and have configured NAM to use SSPR for
expired passwords. We don't have any other apps that integrate with
SSPR.

--Kevin


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=52232

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSPR logging out


You should also consider enabling NAM Cookie Mangling feature for the
NAM SSPR protected resource.

kjhurni;251406 Wrote:
> I would think, but not sure, that even with SAML, the /AGLogout URL
> should work. But it sounds like you're using some other application to
> integrate with SSPR possibly via the REST calls?
>
> Normally NAM -> SSPR is fairly straightforward, use the SSO as described
> in the docs and configure the logout URL to be: /AGLogout if you want to
> ensure that logging out of SSPR ends ALL your NAM sessions (just keep in
> mind that it will do that).
>
> But I'm not sure what other application you are using and how that may
> affect things.
>
> We only use SSPR for passwords and have configured NAM to use SSPR for
> expired passwords. We don't have any other apps that integrate with
> SSPR.
>
> --Kevin



--
jrivard
------------------------------------------------------------------------
jrivard's Profile: https://forums.netiq.com/member.php?userid=541
View this thread: https://forums.netiq.com/showthread.php?t=52232

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSPR logging out


jrivard;251418 Wrote:
> You should also consider enabling NAM Cookie Mangling feature for the
> NAM SSPR protected resource.


Is that in the docs?

Only asking because if not, I'll submit feedback.


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=52232

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.