by IDAMGroup
CA Siteminder Logout
How to configure Logout URI in CA Siteminder r12.5
Version details
- CA Siteminder r12.51
- WebServer Apache 2.4.7
How Logoff works
When a user clicks a button to log off.
- The Web Agent redirects the user to a customized logoff page that you created.
- The Web Agent removes the session and authentication cookies from a user’s browser.
- The Web Agent also removes the session cookie from the local cookie domain and the cookie provider domain, which you specify for single sign-on environments.
- The Web Agent calls the Policy Server and instructs the Policy Server to remove any session information.
- The user is completely logged off.
Two way to configure LogOut URI in siteminder environment
- Configuring LogoffUri paramater using ACO
- Configure LogoffURI using .fcc forms
Configure LogoffUri paramater using ACO
Agent Configuration Object
Agent–> Agent Configuration Objects –> Select the WebOne_ACO
Enable the LogoffUri parameter and add the below value
/Logout.html place this html file under the doc root of the apache instance. When you have this custom webpage it will redirects the user to this page once it logoff’s the user session.
Create simple “Logout” html page and also add the below highlighted <Meta> tag’s in the html page which make sure that an HTML logoff page is loaded from the web server and not from the browser’s cache
WebOne:/usr/local/apache2/htdocs/mysitea # more LogOut.html <html> <title> Your session have been succesfully Logout </title> <body> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <META HTTP-EQUIV="Expires" CONTENT="-1"> <h1> You have been successfully Logged Out </h1> </body> </html> WebOne:/usr/local/apache2/htdocs/mysitea #
Testing
Access the URL http://webone.mysitea.com:82 and you see SMSESSION is empty.
Now entered the user credentials.
After successful authentication you can see from the highlighted below the SMSESSION has been created.
Now access the Logout URL http://webone.mysitea.com:82/Logout.html and it clears the SMSESSION Values.
Configure LogoffUri using Fcc form
Add the following lines in to the .fcc file. In this example i am using login.fcc form
@smlogout=true
@target=http://webone.mysitea.com:82/LogOut.html
Add these line to the top of the .fcc file and before <html> tag.
Restart the webserver
Note: This second option didn’t work for me tho. Will be troubleshooting it later.
---------------------------------------------------------------------------------------------------------------------------------------------
Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.