Expand my Community achievements bar.

SOLVED

Can i clear only the AEM level SAML Assertion and not the IDP SAML session.

Avatar

Level 5
Level 5
4/26/16 6:14:14 AM

Hi,

i have a use case requirement where i required to clear only the AEM related SAML Assertion and not the IDP level SAML session. is there any OOB way to achieve it. I have tried /system/sling/logout.html which shows only "session_timeout" output, but when i access any page of AEM in the same browser i can see the SAML authenticated user is still logged in.

Thanks,

KK

Views

1.4K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
4/28/16 8:34:30 AM

It would help if you could describe what end result you are trying to accomplish.

Based on your description, you will need to reconfigure your IDP. Because when a user logs out of AEM (and you don't have Single Logout Configured), the next request from the user will get redirected to the IDP and then the IDP response will include the assertion necessary for the user to be logged into AEM. If, in the interim, you reconfigure the IDP to no longer send the assertion to AEM, then the user won't be logged in to AEM. This may result in a redirect loop depending upon how the IDP is set up.

Regards,

Justin

View solution in original post

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Level 5
Level 5
4/28/16 7:44:52 AM

Hi Members,

Any inputs or suggestions.?

Views

806

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
4/28/16 8:32:22 AM

I know SAML needs to be improved in the AEM docs. Also - we will add this as a topic for AEM Ask the Experts. I have asked some Adobe ppl to look at this question. 

Views

707

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee
Employee
4/28/16 8:34:30 AM

It would help if you could describe what end result you are trying to accomplish.

Based on your description, you will need to reconfigure your IDP. Because when a user logs out of AEM (and you don't have Single Logout Configured), the next request from the user will get redirected to the IDP and then the IDP response will include the assertion necessary for the user to be logged into AEM. If, in the interim, you reconfigure the IDP to no longer send the assertion to AEM, then the user won't be logged in to AEM. This may result in a redirect loop depending upon how the IDP is set up.

Regards,

Justin

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
AEM headless architecture Solved

Views

126

Likes

0

Replies

4
The dynamic table previews correctly in HTML, but when converted to PDF, the page is cut off.

Views

116

Likes

0

Replies

4
How to Render the different version of Header for Specific Pages Using Experience Fragments in AEM?

Views

171

Likes

0

Replies

6
GraphQL Query only partially encoded

Views

78

Likes

0

Replies

2
Best Site Search Engine with AEM

Views

156

Likes

0

Replies

8