LOGOUT FUNCTION DOES NOT INVALIDATE TOKEN

Question

Hi All,We are facing an issue with the login-token, where the old or previous login-token are working for the new login on the same day.1.Log in as testuser@gmail.com.2. Take note of the login-token session cookie.3. Log out.4.Logged in again and changed the login-token with the old token which i got from step 2. All pages are still coming. But the original flow should redirect the page to login pageAs checked in my AEM local instance, after changing the login-token to the previous one, the session is getting logout and redirecting to login page. But i cannot able to reproduce the redirect flow in our higher environments. So i am suspecting it may be changes required from dispatcher side.Can anyone please suggest what i need to do for the above scenario to work perfectly.  Thanks & Regards,Bhavani Bharanidharan

Jineet_Vora · Accepted Answer

@bhavanibharani - Ensure these 2 properties are populated correctly where logoutUrl should be provided by your IdP to invalidate the session.

You can also refer to this doc here - https://aemblogger.medium.com/saml-2-0-authentication-in-aem-using-microsoft-azure-active-directory-sso-integration-e49b2a04d661

Jineet_Vora · Answer

@bhavanibharani - If I understand this correctly then the issue could be that the SAML authentication handler may not be logging out (invalidating) the requests. Please ensure that 'handleLogout' and 'logoutUrl' is specified in your AEM SAML authentication handler - <AEM_HOST>/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler

For reference: https://aemblogger.medium.com/saml-2-0-authentication-in-aem-using-microsoft-azure-active-directory-sso-integration-e49b2a04d661

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded