Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

SSO logoff works in IE but not in Firefox

SA-14536

Summary



After clicking logoff button, the user should be signed off from SSO and the log out page should be displayed using a meta-refresh tag with SSO logout URL in the "Web-Session-Return" HTML that is called from EndSession activity.

This implementation works fine in IE11, however, the authentication cookies are not deleted on Firefox. As a result, the user is redirected without challenging the SSO Login to access the system again.


Error Messages



SMSESSION Authentication cookies not getting removed or set to none.



Steps to Reproduce



Add a link with an action, "Logoff" which calls EndSession activity. Add the SSO Logout URL in the "Web-Session-Return" HTML rule to logout from SSO.
 


Root Cause



The problem was with the Siteminder logoff processing not clearing the SMSESSION Cookie when using Firefox. 

PRPC cannot control the SMSESSION cookie as it is not an application cookie. Only the Pega-RULES cookie can be controlled as that is the application cookie. 

 

Resolution


 

This is not a PRPC issue. The SMSESSION cookie not cleared with Firefox is an issue that needs to be worked on with Siteminder support. 

Suggest Edit

Published October 1, 2015 - Updated October 8, 2020

Did you find this content helpful? Yes No

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us