MyTechReference - Technical Notes


by IDAMGroup

CA Siteminder Logout

 

How to configure Logout URI in CA Siteminder r12.5

Version details

  • CA Siteminder r12.51
  • WebServer Apache 2.4.7

 

How Logoff works

When a user clicks a button to log off.

  • The Web Agent redirects the user to a customized logoff page that you created.
  • The Web Agent removes the session and authentication cookies from a user’s browser.
  • The Web Agent also removes the session cookie from the local cookie domain and the cookie provider domain, which you specify for single sign-on environments.
  • The Web Agent calls the Policy Server and instructs the Policy Server to remove any session information.
  •  The user is completely logged off.

Two way to configure LogOut URI in siteminder environment

  1. Configuring LogoffUri paramater using ACO
  2. Configure LogoffURI using .fcc forms

Configure LogoffUri paramater using ACO

Agent Configuration Object

Agent–> Agent Configuration Objects –> Select the WebOne_ACO

Enable the LogoffUri  parameter and add the below value

/Logout.html  place this html file under the doc root of the apache instance. When you have this custom webpage it will redirects the user to this page once it logoff’s the user session.

mytechref_284

Create simple “Logout” html page and also add the below highlighted <Meta> tag’s in the html page which make sure that an HTML logoff page is loaded from the web server and not from the browser’s cache

WebOne:/usr/local/apache2/htdocs/mysitea # more LogOut.html
<html> <title> Your session  have been succesfully Logout </title>
<body>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<h1> You have been successfully Logged Out </h1> 
</body> 
</html> 
WebOne:/usr/local/apache2/htdocs/mysitea #

Testing

Access the URL http://webone.mysitea.com:82 and you see SMSESSION is empty.

Now entered the user credentials.


Logoff_1

After successful authentication you can see from the highlighted below the SMSESSION has been created.


Logoff_2

 

Now access the Logout URL  http://webone.mysitea.com:82/Logout.html  and it clears the SMSESSION Values.


Logoff_3

Configure LogoffUri using Fcc form

  Add the following lines in to the .fcc file.  In this example i am using login.fcc form

@smlogout=true
@target=http://webone.mysitea.com:82/LogOut.html

Add these line to the top of the .fcc file and before <html> tag.

Restart the webserver

Note: This second option didn’t work for me tho. Will be troubleshooting it later.

 

---------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.