AEM 6.4 SAML integration - Logout not working

Avatar

Avatar
Validate 1
Level 3
a_mn1
Level 3

Likes

14 likes

Total Posts

84 posts

Correct reply

1 solution
Top badges earned
Validate 1
Ignite 5
Ignite 3
Ignite 10
Ignite 1
View profile

Avatar
Validate 1
Level 3
a_mn1
Level 3

Likes

14 likes

Total Posts

84 posts

Correct reply

1 solution
Top badges earned
Validate 1
Ignite 5
Ignite 3
Ignite 10
Ignite 1
View profile
a_mn1
Level 3

30-07-2018

Hello Guys, I am trying to implement SAML integration with AEM 6.4. I have followed most of the steps mentioned in the link https://helpx.adobe.com/experience-manager/using/aem63_saml.html.[1]  Below are the steps I did.

1.Created an SSOCircle account as mentioned in [1].

2.Configured KeyStore & Truststore as in [1]

3.Modified SAML 2.0 Handler and Referrer filter configuration as mentioned in [1]

4.Modified "Apache Sling Authentication Service" configuration to have  authentication for below paths

     +/content

     +/etc/designs

     +/libs/granite/oauth/content/authorization

5.Modified "Apache Sling Authentication Service" configuration to uncheck the checkbox against "Allow Anonymous Access"

6.Modified "Day CQ Root Mapping" configuration to point to my applcications home page.(/content/<myapps>/homepage.html)

7.Add a logout link to my page header <a href="https://forums.adobe.com/system/sling/logout">

When I access my page for first time, I was taken to the SSO Circle login page, I entered the credentials and was taken to my applications home page. On clicking logout , I was taken to the  SSO cirlce login page.

After that whenever I try to login again, it always takes me to /system/sling/logout and further to SSO circle logout page. (https://idp.ssocircle.com/sso/UI/Logout)

Can someone guide me what I am missing / What have I done wrong in integrating AEM with SAML.

My requirement is Whenever user clicks logout button, he should be taken back to IDP login page. He should be able to see my protected pages only after entering the credentials again .(Even clicking on browser back button , he should be taken to IDP login page).

Note: Please let me know if anymore details are required.

View Entire Topic

Avatar

Avatar
Give Back 50
Employee
Kunwar
Employee

Likes

65 likes

Total Posts

253 posts

Correct reply

72 solutions
Top badges earned
Give Back 50
Give Back 5
Give Back 3
Give Back 25
Give Back 10
View profile

Avatar
Give Back 50
Employee
Kunwar
Employee

Likes

65 likes

Total Posts

253 posts

Correct reply

72 solutions
Top badges earned
Give Back 50
Give Back 5
Give Back 3
Give Back 25
Give Back 10
View profile
Kunwar
Employee

31-07-2018

Sling logout works by calling dropCredentials() on all registered handlers *matching the request path*. See [1] for example implementation.

This means that the LOGIN-RESOURCE attribute needs to be set to a path registered by the respective handler (i.e. http://localhost:4502/system/sling/logout?resource=/content/geometrixx/en)

If the resource parameter is not set, then / is assumed, and only root-level authentication handlers will handle the logout.

See (1) and (2) for more informaiton

[1] : https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/bundle/src/main/java/com/ad...saml/impl/OktaLogoutHandler.java

[2] : AuthenticationHandler (Apache Sling (Builder) 6 API)