Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SAML2 & SLO

former_member319648
Explorer

on ‎2015 Apr 10 9:54 AM

0 Likes
1,629


Hello,

We recently changed our authentication procedure for our SAP netweaver to authenticate user thanks to SAML2 + SAP ID provider.

So far so and all is working fine.

The minor issue we're facing is with the logout option.

When user is clicking on the [Log Off] button (top right corner of the webUi he logout from the system.

The problem is that if user re-open the browser and try to open the webui again then all behaves like if the user never log out.

I mean unless the user clear his broser cache of all cookies then IDP logon screen where he normaly has to provide credential is not dispalyed.

It behaves like if the [Log Off] is not deleting the cookies that was created when he initaly logged in.

Is our expectation wrong?

We would expect that [Log Off] would delete that cookie so user would not be automaticaly reauthenticated but would be redirected to the IDP logon screen.

If our expectation is correct then any idea why it's not behaving like this ?

please advise

thanks

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
MSo
Product and Topic Expert
Product and Topic Expert
‎2015 Apr 10 12:50 PM
0 Likes

Hi Fabien,

single logout is a combination of service provider and identity provider handshake.

As in your case the user may click on a logout button/link on the service provider side,

then an SLO request is send to the IdP

IdP informs all service providers for which the user was logged in

and terminates the session.

In order to be able to judge why it is not behaving as expected in your scenario it is required to know the concrete application (or service provider) as well as the identity provider.

You stated that you have SAP netweaver and SAP ID provider. Could you explain a bit more concrete which applications you are referring to?

SAP netweaver is an ABAP on-premise application?

SAP ID prvider is SAP Single sign-on (on-premise)  or SAP Cloud Identity (Cloud service)?

Best regards,

Marko Sommer

Show replies
Show replies
former_member319648
Explorer
‎2015 Apr 10 1:21 PM
0 Likes

Hello,

Correct.

SAP netweaver is an ABAP on-premise application (= SAP PRM system = a on-premise CRM ABAP system used to manage partner relationships with SAP)

SAP ID provider is SAP Cloud Identity (Cloud service).

Ask a Question