Product/components used and version/fix level:
Versions: 10.11
Platforms: UNIX
Operating Systems: Red Hat Enterprise Linux
Detailed explanation of the problem:
In the Developer Portal, logout via Single Sign-On is not working. Once the logout has been initiated from the Developer Portal, the IDP sends the right response, and the user gets logged out. This is not reflected in the UI because the session is not invalidated; hence, the session is still active.
How do we resolve this?
In a SAML SSO setup, as per the spec, when logout is initiated from the SP (i.e. the Developer Portal), it sends a Logout Request Assertion to the IDP.
Once the logout has succeeded at the IDP, the IDP has to send the response to the SP (to <API PORTAL URL>/portal/rest/v1/saml/initslo); only then does the Developer Portal clear its session.
The SingleLogoutService location in the SP-Metadata file was set to the portal login URL (/portal/rest/v1/saml/initsso/), which is wrong. After changing the value to /portal/rest/v1/saml/initslo/, the logout works successfully.
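
An added example (not part of the original article or the product): a Python check that parses an SP metadata file and flags a SingleLogoutService Location that points at the login endpoint instead of the logout endpoint. The host portal.example.test, the entityID and the AssertionConsumerService entry are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SLO_PATH = "/portal/rest/v1/saml/initslo"  # logout endpoint named in this article
SSO_PATH = "/portal/rest/v1/saml/initsso"  # login endpoint named in this article

# Constructed sample metadata reproducing the misconfiguration described above.
# Host, entityID and the AssertionConsumerService entry are assumptions.
SAMPLE_BAD = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="portal-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://portal.example.test/portal/rest/v1/saml/initsso/"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://portal.example.test/portal/rest/v1/saml/initsso/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Corrected form: only the first occurrence (the SingleLogoutService) changes.
SAMPLE_GOOD = SAMPLE_BAD.replace("initsso/", "initslo/", 1)


def check_slo(metadata_xml):
    """Return a list of findings for the SP's SingleLogoutService endpoints."""
    # Parse only metadata files you control; this is not a hardened XML parser.
    root = ET.fromstring(metadata_xml)
    services = root.findall(".//md:SPSSODescriptor/md:SingleLogoutService", MD_NS)
    if not services:
        return ["no SingleLogoutService: the IDP has nowhere to send the logout response"]
    findings = []
    for svc in services:
        location = svc.get("Location", "")
        path = urlparse(location).path.rstrip("/")
        if path.endswith(SSO_PATH):
            findings.append(f"{location}: login endpoint, SP session will stay active")
        elif not path.endswith(SLO_PATH):
            findings.append(f"{location}: unexpected path, expected {SLO_PATH}/")
    return findings


if __name__ == "__main__":
    for name, doc in (("before fix", SAMPLE_BAD), ("after fix", SAMPLE_GOOD)):
        print(name, "->", check_slo(doc) or "OK")
```

After correcting the metadata, re-import it at the IDP so that the IDP sends its logout response to the new location.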