Support Article

SSO (SAML) Logoff function does not work correctly

SA-45450

Summary



Single Sign-On (SSO) (SAML) Logoff function does not work correctly.


Error Messages



Not Applicable


Steps to Reproduce

  1. Integrate the Pega application with an Identity Provider (IdP) for SAML authentication.
  2. Log in to the application.
  3. Log off from the application. Pega redirects to the Login screen and log in occurs without authentication.


Root Cause



An issue in the custom application code or rules. Pega Logoff function only logs off from the Pega application. It does not log off from third-party security software.


Resolution



Perform the following local-change:
  1. Create an unauthenticated ruleset and an unauthenticated access group.
  2. Add the unauthenticated ruleset in the Advanced tab of the unauthenticated access group. 
  3. Map the unauthenticated access group to the appropriate browser requestor type.
  4. Save the Web-Session-Return HTML rule to the unauthenticated ruleset.
  5. Delete the below line of code from the Web-Session-Return HTML rule: 

    <META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">
     
  6. Delete the unauthenticated ruleset if included in the Application Definition rule as an Application ruleset .

 

Published October 13, 2017 - Updated September 30, 2019

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.