SSO (SAML) Logoff function does not work correctly
SummarySingle Sign-On (SSO) (SAML) Logoff function does not work correctly.
Error MessagesNot Applicable
Steps to Reproduce
- Integrate the Pega application with an Identity Provider (IdP) for SAML authentication.
- Log in to the application.
- Log off from the application. Pega redirects to the Login screen and log in occurs without authentication.
Root CauseAn issue in the custom application code or rules. Pega Logoff function only logs off from the Pega application. It does not log off from third-party security software.
ResolutionPerform the following local-change:
- Create an unauthenticated ruleset and an unauthenticated access group.
- Add the unauthenticated ruleset in the Advanced tab of the unauthenticated access group.
- Map the unauthenticated access group to the appropriate browser requestor type.
- Save the Web-Session-Return HTML rule to the unauthenticated ruleset.
- Delete the below line of code from the Web-Session-Return HTML rule:
<META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">
- Delete the unauthenticated ruleset if included in the Application Definition rule as an Application ruleset .
Published October 13, 2017 - Updated September 30, 2019