Question

9
Replies
3082
Views
Close popover
Ashwinraj Shekar (sheka1)
PEGA
Sr. System Architect
Pegasystems Inc.
IN
View Profile Send Message
sheka1 Member since 2014 1 post
PEGA
Posted: April 15, 2018
Last activity: January 28, 2019
Closed
Solved

SSO logoff - Doesn't kill the session

Our application has been configured with an IDP (S3 from CA) where SSO logout is not supported. So, if I have logged in as SSO user and try to logout, instead of logging out it logs me back in to the application. I believe this is because the IDP is not providing the logout and hence the session is not killed. Since the session is not killed and it is active the user is redirected to application.

I went through lot of posts in the PDN and none of them help me resolve this issue. Any suggestion regarding this issue would be helpful.

We are using Pega 7.3.1 and framework being used is "CustomerServiceForFS"

Low-Code App Development Data Integration
Close popover
Moderation Team has archived post,
Close popover This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 3 years ago
Close popover
Sandeep Gunanchipalli (Sandeep46)
OCBC Bank
Senior Software Analyst
OCBC Bank
SG
View Profile Send Message

Hi,


As your IDP is not allowing logout, you were unable to logoff. Can you try clearing the cookies specific to user session by using javascript to achieve this.


 

Posted: 3 years ago
Close popover
Ashwinraj Shekar (sheka1)
PEGA
Sr. System Architect
Pegasystems Inc.
IN
View Profile Send Message

Hi,


I was thinking of doing the same but, OOTB Code-Security.LogOff provides the implementation which just ends the PRPC session. But the user can seamlessly login to the application next time as the application doesn't display the challenge screen. 


Regards,


Ashwin

Posted: 2 years ago
Close popover
Premkumar Ganesan (PremkumarG)
cognizant

cognizant
NL
View Profile Send Message

Hi Sheka1, I remember logoff activity is overridden in your customer service framework ruleset. can you try save as the LogOff activity provided by pegaRules application?

Posted: 2 years ago
Close popover
Marissa Rogers (MarissaRogers)
MOD
Senior Community Moderator
Pegasystems Inc.
US
View Profile Send Message
Hello!


 


Thank you for posting your query on PSC. This looks like an inactive post and hence, we suggest you create a new post for your query. Click on the Write a Post button that’s at the top of this screen and also on our Pega Support Community homepage.  Once created, please reply back here with the URL of the new post.


 


We have also sent you a private message opening up a communication channel in case you have any further questions.


 


Thanks,

Accepted Solution

Posted: 2 years ago
Close popover
Ashwinraj Shekar (sheka1)
PEGA
Sr. System Architect
Pegasystems Inc.
IN
View Profile Send Message

We got a local fix from the support team. 


Use the following local change.

1) Copy Code-Security.Logoff to application ruleset.
2) Comment out Step 6 - Show-HTML for pySAMLLogoffWithoutSLO

This will result in Code-Security.EndSession being called and the requestor being shut down properly.  

Posted: 2 years ago
Close popover
Mahendranath Reddy (MahendranathR6259)
CBA
Consultant
CBA
AU
View Profile Send Message

Hi Sheka1 ,


Thankyou for providing the solution on request . But for some reasons this solution is not working . May be my problem here is bit different. I have tried

 adding below code in overridden Web-Session-Return HTML rule for my issue and it works very well in IE . But dosent work in Chrome. Let us know if you have come accross anything similar .

     

<script language="javascript" type="text/javascript">

//  alert( "you are logged out");

  document.execCommand("ClearAuthenticationCache","false");

</script>


 


Thanks

Mahendra
Share this page Share via LinkedIn Copying...
Copied!