cancel
Showing results for 
Search instead for 
Did you mean: 

Single-sign on is fine but Single sign off ?

Former Member
0 Kudos

Hi,

We have implemented SSO between our EP system and our Domino 6.5 server. How this works is via a standard solution totally provided by SAP. SAP Logon tickets and DSAPI filters on the Domino side. This works fine, but I have a problem. When I log off from EP the SAP logon ticket is destroyed. The LTPA token that Domino server issues however is still valid. If another user logs in to EP and acceses the Domino Iview then he gets the previous users login.

This could be avoided if I am able to plug-in some code/script/etc in the log-off action in EP.

Is this possible ?

Does anybody have an idea how this could be done ?

regards,

Kevin Hill

View Entire Topic
former_member318735
Participant
0 Kudos

Hi KEvin,

IF you are using SAP Ticket VErifier for SSO to Domino via WebMail Redirect, Portal generates the Memory based cookie for domino for every user logged on portal.

However, when user tries to open a domino webmail redirect iview (e.g. inbox), domino looks this memory based cookie and gets portal user id. Then domino looks in user aliases for a matched one with portal uid. If there is a match, then the content displayed. If not logon screen comes within iview.

If the second user doesn't added into any of the domino user aliases, then may be you've to update DSAPI filter. We're using version 2.2.1 and no problem occurs as you mentioned.

Former Member
0 Kudos

Hi,

thanks for replying.

Yes I am using SAP Ticket Verifyer 2.2.1.0

The SSO logon works fine. The problem I am facing is that when a user logs off from EP, the SAP logon ticket gets invlidated as expected.

However in the same browser sesion if another user logs on to EP and then accesses the Domino Iview, the Domino login is of the previous user.

hope you understood my problem. How do I logout the Domino user on logout from EP ?

regards,

Kevin Hill

Former Member
0 Kudos

Hi Kevin

this is due to the cookies for the login is not destroyed automatically

one soln is to delete cookies manually or

try to do following

In the UM configuration you can add a url which is opened (hidden) during logout.

Example:

ume.logoff.redirect.url=http://ep.portal.com/Smallapps/EnterprisePortal/delete_sessions.asp

ume.logoff.redirect.silent=true

In our case the asp-file contains the following code to delete the cookie:

<%

Response.Cookies("LtpaToken") = ""

Response.Cookies("LtpaToken").Path = "/"

Response.Cookies("LtpaToken").Domain = "mydomain.com"

Response.Cookies("LtpaToken").Expires = DateAdd("d", -1, Now)

%>

you have to change some settings like Domain and URL.

regards,

kaushal