Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.
Read More.
SOLVED

How to handle in AEM (Publish instances, CUG) using OOTB SAML Handler logout request from IDP

Avatar

Level 2
Level 2
2/27/24 1:51:34 AM

I have the scenario that I have 2 sites site1.company.com and site2.company.com on AEM, both of them have protected pages (CUGs), and both of them are integrated with the same IDP using SAML Authentication Handler. SAML Authentication Handler is also set to handle logout.
When a user logs in to one of the sites then also will be automatically authenticated when accessing the protected page on the second one. When a user logs out from one site then also it should be logged out from IDP and from the second site.

 

The question is connected to the Single Logout mechanism. When the user logs out from one site, it triggers SAML Handler and the handler uses the logout URL of IDP to log out of the user also from IDP. This logout triggers IDP to send a SAML Logout Request to the second site to log out.

 

Questions:
To what URL on AEM I should send SAML Logout Request to handle this logout on second site on AEM, is it /system/sling/logout?resource=resource_used_to_log_in?
What type of Binding is supported on SAML Handler when sending SAML Logout Request?

Views

298

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
2/28/24 3:58:36 AM
In response to mtobiasz

Hi

AEM provide a mechanism to logout from AEM, please check 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-make-saml-authentic... 



Arun Patidar

View solution in original post

Views

246

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Community Advisor
Community Advisor
2/27/24 4:04:12 AM

Hi @mtobiasz 
Maybe you can use the another user group to protect your site and based on users access you can disallow the users from other sites.

you can configured custom logout urls to manage logout only for a site



Arun Patidar

Views

285

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
2/27/24 3:16:14 PM
In response to arunpatidar

Hi @arunpatidar 

Unfortunately, it doesn't answer my question regarding SAML integration using the AEM SAML Authentication Handler.
If the SAML Authentication Handler is used for integration with IDP then I would also assume that should be able to handle SAML Logout Response triggered by IDP, especially since the SAML Authentication Handler is responsible for logging out the user and clearing the "login-token" cookie from a browser 
I would like to know if AEM is providing such a mechanism or if it is something that I should handle myself.

Views

261

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
2/28/24 3:58:36 AM
In response to mtobiasz

Hi

AEM provide a mechanism to logout from AEM, please check 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-make-saml-authentic... 



Arun Patidar

Views

247

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Administrator
Administrator
2/28/24 5:18:48 AM

@mtobiasz  Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.



Kautuk Sahni

Views

234

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
OOTB component Override AEMasCS

Views

25

Likes

0

Replies

0
AEM Sites (+ Guides) Metadata: How to taxonomize evolving products?

Views

25

Likes

0

Replies

0
Custom Lucene Index deletion from AEM Cloud

Views

26

Likes

0

Replies

0
Automating Daily Translation Updates from Language Master to Language Copies in AEM

Views

50

Likes

0

Replies

0
Issue : [aem-site-theme-builder] Proxy /content/<project_name>/us/en/test.html?wcmmode=disabled without changes. : no content changes in browser

Views

82

Likes

0

Replies

1