Mike_eggs
Level 3
March 2, 2023
Solved

SAML Log Out AEM as a Cloud Service

  • March 2, 2023
  • 1 reply
  • 2892 views

Hi all,


we have successfully configured SAML authentication by following the instructions: SAML 2.0 on AEM as a Cloud Service - Adobe Experience Manager

Now we're trying to configure the log out as well, but we can't find any documentation about it. Can anyone point us in the right direction?

Thanks,

Mike

Best answer by krishna_sai

Hi Arun!
Thanks for the input! This sounds good.

I will add the following configuration to our SAML Authentication Handler:
"logoutUrl":  "$[env:SAML_LOG_OUT_URL;default=https://a7tv3j3qn.accounts.ondemand.com/saml2/idp/slo/a7tv3j3qn.accounts.ondemand.com]",

Do you know what URL I have to call to initiate the log out?

Mike


@mike_eggs Look at this thread, hope this helps:
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-make-saml-authentication-handler-handle-logout/m-p/235146

Krishna


krishna_sai
Community Advisor
March 2, 2023

@mike_eggs you can write a servlet which will be called on clicking the logout button.
In that servlet you can read the login-token cookie and set its max age to zero.

Cookie loginCookie = request.getCookie("login-token");
if (null != loginCookie) {
    loginCookie.setMaxAge(0);
    loginCookie.setPath("/");
    loginCookie.setValue("");
    response.addCookie(loginCookie);
}

You can then redirect the response to wherever you want:

response.sendRedirect(<redirectLogoutURL>);

Hope this helps,
Krishna

Mike_eggs
Author
Level 3
March 2, 2023

Hi Krishna,

After re-thinking your suggestion, I don't think this is a possible way to solve the problem: Since the login cookie was set by the IDP, I probably can't delete it from a servlet running in AEM (different URL).

Mike

Mike_eggs
Author
Level 3
March 2, 2023

@mike_eggs Once you log in to your application, can you open dev tools in your browser, go to the Application tab -> Cookies and look? You should be seeing login-token.

Try deleting it in the browser itself and reload the page; it should take you to the login page again.
If that works, the same thing is being implemented programmatically when you click on the logout button.
Krishna


Hi Krishna,

Thanks for your input, but there is no login-token; there is no cookie from abc.adobeaemcloud.com at all. Authentication is done by a SAML IDP and this service sets the login cookies from another domain (xyz.accounts.ondemand.com). That's why I have no access from AEM to these cookies.


Mike
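
The cookie-scoping question discussed in this thread, as an added example that is not code from any poster or from Adobe: it applies the RFC 6265 rules a browser uses to decide whether a `Set-Cookie` sent by one host can replace (and so expire) a stored cookie. The hostnames are the placeholders used in the thread, the cookie name `IDP_SESSION` and the cookie jar are constructed, and public-suffix checks are omitted.

```javascript
// Added example. Hostnames are the placeholders from the thread; the cookie
// name IDP_SESSION is hypothetical. Public-suffix checks are omitted.

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Would a Set-Cookie (for example one with Max-Age=0) returned by
// `responseHost` replace, and so expire, the cookie `stored`?
function canExpire(responseHost, setCookie, stored) {
  let domain = responseHost.toLowerCase(); // no Domain attribute: host-only
  if (setCookie.domain) {
    // A Domain attribute the responding host does not domain-match is rejected.
    if (!domainMatch(responseHost, setCookie.domain)) return false;
    domain = setCookie.domain.toLowerCase().replace(/^\./, "");
  }
  // The stored cookie is replaced only if name, domain and path all match.
  return setCookie.name === stored.name &&
    domain === stored.domain.toLowerCase() &&
    setCookie.path === stored.path;
}

const AEM = "abc.adobeaemcloud.com";
const IDP = "xyz.accounts.ondemand.com";
// Constructed cookie jar: one cookie scoped to the AEM host, one to the IdP host.
const aemToken = { name: "login-token", domain: AEM, path: "/" };
const idpSession = { name: "IDP_SESSION", domain: IDP, path: "/" };

function scenarios() {
  return {
    // Servlet on the AEM host expiring a cookie the AEM host owns.
    aemClearsOwnToken: canExpire(AEM, { name: "login-token", path: "/" }, aemToken),
    // Same servlet trying to expire the IdP cookie, without and with Domain=.
    aemClearsIdpHostOnly: canExpire(AEM, { name: "IDP_SESSION", path: "/" }, idpSession),
    aemClearsIdpWithDomain: canExpire(AEM, { name: "IDP_SESSION", domain: IDP, path: "/" }, idpSession),
    // Response from the IdP host itself, e.g. after a redirect to its SLO endpoint.
    idpClearsOwnSession: canExpire(IDP, { name: "IDP_SESSION", path: "/" }, idpSession),
  };
}

console.log(scenarios());
```

Only a response from the IdP host can end the IdP session, so a local cookie reset on the AEM host leaves the user signed in at the IdP.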