Can I clear only the AEM level SAML Assertion and not the IDP SAML session?
Level 4
April 26, 2016
Solved

  • April 26, 2016
  • 3 replies
  • 1795 views

Hi,

I have a use case requirement where I am required to clear only the AEM-related SAML assertion and not the IDP-level SAML session. Is there any OOB way to achieve it? I have tried /system/sling/logout.html, which shows only "session_timeout" as output, but when I access any page of AEM in the same browser I can see the SAML-authenticated user is still logged in.

Thanks,

KK


3 replies

Kkkrish (Author)
Level 4
April 28, 2016

Hi Members,

Any inputs or suggestions?

smacdonald2008
Level 10
April 28, 2016

I know SAML needs to be improved in the AEM docs. Also, we will add this as a topic for AEM Ask the Experts. I have asked some Adobe people to look at this question.

JustinEd3 (Adobe Employee), Accepted solution
April 28, 2016

It would help if you could describe what end result you are trying to accomplish.

Based on your description, you will need to reconfigure your IDP. This is because when a user logs out of AEM (and you don't have Single Logout configured), the next request from the user will get redirected to the IDP, and the IDP response will include the assertion necessary for the user to be logged into AEM. If, in the interim, you reconfigure the IDP to no longer send the assertion to AEM, then the user won't be logged in to AEM. This may result in a redirect loop depending upon how the IDP is set up.

Regards,

Justin
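A constructed Python model of the mechanism Justin describes, added here and not part of the thread or of AEM: the IDP and AEM keep separate session stores, so clearing only AEM's (what /system/sling/logout.html does) lets the IDP re-issue an assertion on the next request, Single Logout ends both, and an IDP that still holds an SSO session but stops asserting to AEM produces the redirect loop he mentions. Class and method names and the assertion shape are assumptions.

```python
from dataclasses import dataclass, field
# Constructed toy model, not AEM or Adobe code; names and the assertion shape are assumptions.
@dataclass
class Idp:
    sso_sessions: set = field(default_factory=set)             # users with a live IDP session
    trusted_sps: set = field(default_factory=lambda: {"aem"})  # SPs the IDP will assert to
    def authn_request(self, user, sp):
        """Answer an SP-initiated AuthnRequest from a browser belonging to `user`."""
        if user not in self.sso_sessions:
            return "login_page"                    # no SSO session: IDP shows its login form
        if sp not in self.trusted_sps:
            return None                            # session exists, but IDP refuses this SP
        return {"subject": user, "audience": sp}   # assertion re-issued with no user prompt

@dataclass
class Sp:
    """Stand-in for AEM: it only holds its own login token per user."""
    name: str
    idp: Idp
    sessions: set = field(default_factory=set)

    def local_logout(self, user):
        self.sessions.discard(user)                # what /system/sling/logout.html clears

    def single_logout(self, user):
        self.local_logout(user)
        self.idp.sso_sessions.discard(user)        # Single Logout also ends the IDP session

    def request_page(self, user, max_redirects=3):
        for _ in range(max_redirects):
            if user in self.sessions:
                return "served_as_" + user
            resp = self.idp.authn_request(user, self.name)
            if resp == "login_page":
                return "idp_login_page"
            if resp is not None and resp["audience"] == self.name:
                self.sessions.add(resp["subject"])  # AEM's SAML handler creates its session
            # otherwise no usable assertion: the browser is bounced back to the IDP
        return "redirect_loop"

def demo():
    idp = Idp(); aem = Sp("aem", idp)
    idp.sso_sessions.add("kk"); aem.request_page("kk")   # initial SSO login to AEM
    aem.local_logout("kk")
    after_local = aem.request_page("kk")       # IDP silently re-issues the assertion
    aem.single_logout("kk")
    after_slo = aem.request_page("kk")         # user must log in at the IDP again
    idp.sso_sessions.add("kk"); idp.trusted_sps.discard("aem"); aem.local_logout("kk")
    after_reconfig = aem.request_page("kk")    # IDP keeps bouncing the browser
    return after_local, after_slo, after_reconfig
```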