AEM SAML Integration-Idle session logout

srikanthp689160
Level 3

25-11-2019

Hi,

We have SAML integration in place for our application (includes both public and secure pages), where AEM is the Service Provider and Salesforce is the Identity Provider.

We are trying to achieve idle session logout, where if the user does not interact with the application for 5 minutes or so, the user must be logged out.

In order to achieve this we are following this article https://helpx.adobe.com/experience-manager/kb/How-to-set-token-session-expiration-AEM.html where, in the OSGi configuration org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl, the Token Expiration property value is set to 600, but it does not seem to work, i.e. after the idle time, if the user tries to access a secure page (refreshes a secure page), he is not taken to the login screen or the SAML Authentication Handler is not invoked.

Could you please let me know if the above approach is applicable for SAML authentication too? Or are there any alternate approaches?

Note: Idle session logout configuration is in place at the Salesforce end.

Thanks,

Srikanth Pogula.

Replies

WASIL
Employee

26-11-2019

jbrar
Employee

26-11-2019

Have you configured SAML handler to handle the logout?

srikanthp689160
Level 3

26-11-2019

Hi jbrar,

Yes, we are handling Logout via SAML Handler i.e. Handle Logout is checked and Logout URL is the URL given by IDP.

Thanks & Regards,

Srikanth Pogula.

srikanthp689160
Level 3

26-11-2019

Hi WASIL,

As mentioned in the original post, we have followed the same helpx article but it does not seem to work. Even after the Token Expiration time, if the user tries to access a secure page, the user is not taken to the Identity Provider's authentication screen.

Thanks & Regards,

Srikanth Pogula.

aemmarc
Employee

27-11-2019

Is your SAML set up as IdP-initiated or SP-initiated?

If it's SP-initiated then that Oak login token approach won't work since the session is never invalidated with the IdP.

The IdP will log you right back in.
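The behaviour described in the reply above, as a small model of the two sessions involved (an added example, not code from the thread, from AEM or from Salesforce). The class names, the timings other than 600, the sliding SP token and the assumption that an SSO round trip counts as IdP activity are all constructed for illustration; `ForceAuthn` is an attribute of the SAML 2.0 AuthnRequest, and whether the SP in this thread can send it is not covered on the page.

```python
from dataclasses import dataclass
from typing import Optional

LOGIN, SILENT, SERVED = "login screen", "silent re-login", "served"

@dataclass
class IdP:
    idle_timeout: int                  # seconds of inactivity before the IdP session ends
    last_seen: Optional[float] = None  # None means no IdP session exists yet

    def sso(self, now: float, force_authn: bool) -> bool:
        """Process an AuthnRequest; return True if the user must see the login form."""
        alive = self.last_seen is not None and now - self.last_seen <= self.idle_timeout
        self.last_seen = now           # assumption: an SSO round trip counts as IdP activity
        return force_authn or not alive

@dataclass
class SP:
    idp: IdP
    token_ttl: int                     # lifetime of the SP login token, in model seconds
    force_authn: bool = False          # SAML 2.0 ForceAuthn on the AuthnRequest
    token_expires: Optional[float] = None

    def request_secure_page(self, now: float) -> str:
        if self.token_expires is not None and now < self.token_expires:
            self.token_expires = now + self.token_ttl   # simplification: token slides on use
            return SERVED
        # Token missing or expired: SP-initiated flow redirects the browser to the IdP.
        # The IdP never sees ordinary page requests, only these redirects.
        prompted = self.idp.sso(now, self.force_authn)
        self.token_expires = now + self.token_ttl
        return LOGIN if prompted else SILENT

def simulate(token_ttl, idp_idle, request_times, force_authn=False):
    """Return the outcome of each secure-page request made at the given times."""
    sp = SP(IdP(idp_idle), token_ttl, force_authn)
    return [sp.request_secure_page(t) for t in request_times]

if __name__ == "__main__":
    # SP token expires after 600, IdP session outlives it: the user is logged back in.
    print(simulate(600, 7200, [0, 100, 900]))
    # IdP idle timeout shorter than the gap: the login screen appears.
    print(simulate(600, 300, [0, 100, 900]))
    # ForceAuthn makes the IdP prompt regardless of its own session.
    print(simulate(600, 7200, [0, 900], force_authn=True))
```

In the first run the request at 900 finds the SP token expired but the IdP session still alive, so no login screen is shown, which is the symptom reported in the original post.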

srikanthp689160
Level 3

27-11-2019

Hi march16806759,

Our SAML set up is SP initiated.

Is there any way we can handle idle session logout in this case?

Thanks,

Srikanth Pogula.

nikitagoyal
Level 1

03-06-2020

Hi @srikanthp689160,

What was the resolution to this?

We have a similar requirement.

SAML is set up to handle logout.
The login is SP initiated.

We need to log out the user from the IDP when the AEM session is expired. Is there a way to achieve this?

Thanks,

Nikita Goyal

srikanthp689160
Level 3

05-07-2020

@nikitagoyal, we were not able to achieve this; right now we still have only the IDP session timeout in place.

Please let me know if you find a solution for this.