
This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Requestors not being unauthenticated through logoff

SA-46664

Summary



With SAML 2.0 as the current authentication method, logoff takes a slightly different path when a user clicks Logoff from a User Portal, from the Designer Studio portal, or from a User Portal launched from Designer Studio.

The requestor is not marked as unauthenticated when the logoff screen is presented.

Internally, Pega marks a requestor as active during logon or connection and should mark the same requestor as deactivated and unauthenticated when Logoff is clicked.

However, when a launched portal is open, its logoff link should only close that window or tab and leave the Designer Studio session active. The Designer Studio session should be unauthenticated only when its own logoff link is clicked.


Error Messages



Not Applicable


Steps to Reproduce

  1. Log in to a Pega 7.3.1 environment with a Developer Access user account that is configured to use both Internal PRPC Authentication and SAML Authentication.
    Test 1: Click Logoff. The logoff HTML page is not displayed.
    Test 2: Open another session and then launch a user portal. Click Logoff from the launched portal. The window is closed, and the developer session is still active.
    Test 3: Click Logoff from the developer portal. The logoff HTML page is not displayed; an exception is shown instead.
  2. When logout is performed as a developer, there is no logoff screen. Instead, an exception occurs.


Root Cause



This issue was determined to be a product enhancement request. Pega 7.3.1 is currently working as designed.

Resolution



Perform either one of the following local changes:

Use a wrapper activity like the following:

1. Include a Java step that calls the unauthenticate() API.
2. Call the EndSession activity, and specify this wrapper activity as the logout activity in the AuthenticationService rule form.


(Or):

Configure the AuthService logout URL to be the EndSession activity, and override the EndSession activity to include a Java step that unauthenticates the requestor.

Published April 6, 2018 - Updated October 8, 2020
