SSO logoff works in IE but not in Firefox
After clicking logoff button, the user should be signed off from SSO and the log out page should be displayed using a meta-refresh tag with SSO logout URL in the "Web-Session-Return" HTML that is called from EndSession activity.
This implementation works fine in IE11, however, the authentication cookies are not deleted on Firefox. As a result, the user is redirected without challenging the SSO Login to access the system again.
SMSESSION Authentication cookies not getting removed or set to none.
Steps to Reproduce
Add a link with an action, "Logoff" which calls EndSession activity. Add the SSO Logout URL in the "Web-Session-Return" HTML rule to logout from SSO.
The problem was with the Siteminder logoff processing not clearing the SMSESSION Cookie when using Firefox.
PRPC cannot control the SMSESSION cookie as it is not an application cookie. Only the Pega-RULES cookie can be controlled as that is the application cookie.
This is not a PRPC issue. The SMSESSION cookie not cleared with Firefox is an issue that needs to be worked on with Siteminder support.