
LOGOUT FUNCTION DOES NOT INVALIDATE TOKEN


Level 3

Hi All,

We are facing an issue with the login-token, where the old or previous login-token is still working for a new login on the same day.

1. Log in as testuser@gmail.com.
2. Take note of the login-token session cookie.
3. Log out.
4. Log in again and replace the login-token with the old token from step 2. All pages still load, but the original flow should redirect the page to the login page.

As checked in my AEM local instance, after changing the login-token to the previous one, the session gets logged out and redirects to the login page. But I am not able to reproduce the redirect flow in our higher environments.

So I suspect that changes may be required on the dispatcher side.

Can anyone please suggest what I need to do for the above scenario to work perfectly?


Thanks & Regards,

Bhavani Bharanidharan
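The four-step check from this post, written as a small in-memory model (added example; not AEM or dispatcher code, and the `SessionStore` class, `invalidate_on_logout` flag and `old_token_replay_is_rejected` function are constructed for illustration). It contrasts a logout that only clears the browser cookie with one that revokes the token server-side, and the replay check is the assertion you would port to an HTTP client against a real instance.

```python
"""Constructed model of the login-token replay check described in the post above."""
import secrets
from dataclasses import dataclass, field


@dataclass
class SessionStore:
    """Server-side session table: token -> user.

    invalidate_on_logout=False models the reported behaviour (logout only
    clears the client cookie); True models a logout that revokes the token.
    """
    invalidate_on_logout: bool
    active: dict = field(default_factory=dict)

    def login(self, user: str) -> str:
        token = secrets.token_hex(16)  # opaque random login-token
        self.active[token] = user
        return token

    def logout(self, token: str) -> None:
        # Without server-side revocation the old token stays in the table
        # and keeps working after the browser has dropped the cookie.
        if self.invalidate_on_logout:
            self.active.pop(token, None)

    def request_page(self, token: str) -> str:
        # A live token gets the page; anything else is sent to the login page.
        return "200" if token in self.active else "302 /login"


def old_token_replay_is_rejected(store: SessionStore,
                                 user: str = "testuser@example.com") -> bool:
    """Steps 1-4 from the post: log in, note the token, log out, log in
    again on the same day, then replay the old token.

    Returns True when the old token is redirected to login (expected),
    False when it still serves pages (the reported defect).
    """
    old_token = store.login(user)   # steps 1-2: log in, note the token
    store.logout(old_token)         # step 3: log out
    store.login(user)               # step 4: fresh login, new token issued
    return store.request_page(old_token) != "200"
```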


6 Replies


Community Advisor

@BhavaniBharani - If I understand this correctly, the issue could be that the SAML authentication handler is not logging out (invalidating) the requests. Please ensure that 'handleLogout' and 'logoutUrl' are specified in your AEM SAML authentication handler - <AEM_HOST>/system/console/configMgr/com.adobe.granite.auth.saml.SamlAuthenticationHandler

For reference: https://aemblogger.medium.com/saml-2-0-authentication-in-aem-using-microsoft-azure-active-directory-...


Level 3

Hi @Jineet_Vora ,

Thanks for your response. I am able to see the logout URL by debugging the code.

But can you please specify what handleLogout means here?


Regards,

Bhavani Bharanidharan


Community Advisor

@BhavaniBharani - Ensure these 2 properties are populated correctly; logoutUrl should be provided by your IdP to invalidate the session.

You can also refer to this doc here - https://aemblogger.medium.com/saml-2-0-authentication-in-aem-using-microsoft-azure-active-directory-...


Community Advisor

@BhavaniBharani - This is on the assumption that you are using AEM's OOTB SAML authentication handler.


Community Advisor

@BhavaniBharani, did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found the solution yourself, please share it with the community.


Level 3

Hi @MayurSatav ,

I'm still facing the issue. Does anyone know how to invalidate the login-token on the server side once the logout button is clicked? I tried session.invalidate() in my logout servlet, but this didn't help.


Regards,

Bhavani Bharanidharan