Support Article

SSO (SAML) Logoff function does not work correctly



Single Sign-On (SSO) (SAML) Logoff function does not work correctly.

Error Messages

Not Applicable

Steps to Reproduce

  1. Integrate the Pega application with an Identity Provider (IdP) for SAML authentication.
  2. Log in to the application.
  3. Log off from the application. Pega redirects to the Login screen and log in occurs without authentication.

Root Cause

An issue in the custom application code or rules. Pega Logoff function only logs off from the Pega application. It does not log off from third-party security software.


Perform the following local-change:
  1. Create an unauthenticated ruleset and an unauthenticated access group.
  2. Add the unauthenticated ruleset in the Advanced tab of the unauthenticated access group. 
  3. Map the unauthenticated access group to the appropriate browser requestor type.
  4. Save the Web-Session-Return HTML rule to the unauthenticated ruleset.
  5. Delete the below line of code from the Web-Session-Return HTML rule: 

    <META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">
  6. Delete the unauthenticated ruleset if included in the Application Definition rule as an Application ruleset .


Published October 8, 2020

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.