Expand my Community achievements bar.

Learn about Edge Delivery Services in upcoming GEM session
Register!
SOLVED

Can i clear only the AEM level SAML Assertion and not the IDP SAML session.

Avatar

Level 5
Level 5
4/26/16 6:14:14 AM

Hi,

i have a use case requirement where i required to clear only the AEM related SAML Assertion and not the IDP level SAML session. is there any OOB way to achieve it. I have tried /system/sling/logout.html which shows only "session_timeout" output, but when i access any page of AEM in the same browser i can see the SAML authenticated user is still logged in.

Thanks,

KK

Views

1.2K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
4/28/16 8:34:30 AM

It would help if you could describe what end result you are trying to accomplish.

Based on your description, you will need to reconfigure your IDP. Because when a user logs out of AEM (and you don't have Single Logout Configured), the next request from the user will get redirected to the IDP and then the IDP response will include the assertion necessary for the user to be logged into AEM. If, in the interim, you reconfigure the IDP to no longer send the assertion to AEM, then the user won't be logged in to AEM. This may result in a redirect loop depending upon how the IDP is set up.

Regards,

Justin

View solution in original post

Views

1.0K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Level 5
Level 5
4/28/16 7:44:52 AM

Hi Members,

Any inputs or suggestions.?

Views

677

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
4/28/16 8:32:22 AM

I know SAML needs to be improved in the AEM docs. Also - we will add this as a topic for AEM Ask the Experts. I have asked some Adobe ppl to look at this question. 

Views

578

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee
Employee
4/28/16 8:34:30 AM

It would help if you could describe what end result you are trying to accomplish.

Based on your description, you will need to reconfigure your IDP. Because when a user logs out of AEM (and you don't have Single Logout Configured), the next request from the user will get redirected to the IDP and then the IDP response will include the assertion necessary for the user to be logged into AEM. If, in the interim, you reconfigure the IDP to no longer send the assertion to AEM, then the user won't be logged in to AEM. This may result in a redirect loop depending upon how the IDP is set up.

Regards,

Justin

Views

1.0K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply