Support Article
SSO (SAML) Logoff function does not work correctly
SA-45450
Summary
Single Sign-On (SSO) (SAML) Logoff function does not work correctly.
Error Messages
Not Applicable
Steps to Reproduce
- Integrate the Pega application with an Identity Provider (IdP) for SAML authentication.
- Log in to the application.
- Log off from the application. Pega redirects to the Login screen and log in occurs without authentication.
Root Cause
An issue in the custom application code or rules. Pega Logoff function only logs off from the Pega application. It does not log off from third-party security software.
Resolution
Perform the following local-change:
- Create an unauthenticated ruleset and an unauthenticated access group.
- Add the unauthenticated ruleset in the Advanced tab of the unauthenticated access group.
- Map the unauthenticated access group to the appropriate browser requestor type.
- Save the Web-Session-Return HTML rule to the unauthenticated ruleset.
- Delete the below line of code from the Web-Session-Return HTML rule:
<META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">
- Delete the unauthenticated ruleset if included in the Application Definition rule as an Application ruleset .
Published October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.