SAML Log Out AEM as a Cloud Service | Community
Mike_eggs
Level 3
March 2, 2023
Solved

SAML Log Out AEM as a Cloud Service

  • March 2, 2023
  • 1 reply
  • 2849 views

Hi all,


we have successfully configured SAML authentication by following the instructions: SAML 2.0 on AEM as a Cloud Service - Adobe Experience Manager

 

Now we're trying to configure the log out as well, but we can't find any documentation about it. Can anyone point us in the right direction?

 

Thanks,

 

Mike

Best answer by krishna_sai

Hi Arun!
Thanks for the input! This sounds good.

I will add the following configuration to our SAML Authentication Handler:
"logoutUrl": "$[env:SAML_LOG_OUT_URL;default=https://a7tv3j3qn.accounts.ondemand.com/saml2/idp/slo/a7tv3j3qn.accounts.ondemand.com]",


Do you know what URL I have to call to initiate the log out?

Mike


@mike_eggs Look at this thread, hope this helps:
https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-make-saml-authentication-handler-handle-logout/m-p/235146

Krishna

1 reply

krishna_sai
Community Advisor
March 2, 2023

@mike_eggs You can write a servlet which will be called on clicking the logout button.
In that servlet you can read the login-token cookie and set its max age to zero.

 

Cookie loginCookie = request.getCookie("login-token");
if (null != loginCookie) {
    // Expire the AEM login cookie in the browser
    loginCookie.setMaxAge(0);
    loginCookie.setPath("/");
    loginCookie.setValue("");
    response.addCookie(loginCookie);
}

 

You can then redirect the response to wherever you want:

response.sendRedirect(<redirectLogoutURL>);

Hope this helps,
Krishna
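
The approach from the reply above as a complete servlet, as an added example that is not part of the original thread or Adobe's own code. It accepts POST only and takes the redirect target from OSGi configuration instead of the request, so the endpoint cannot be used as an open redirect. The package, the servlet path and the `redirectUrl` property are assumptions.

```java
package com.example.core.servlets; // hypothetical package

import java.io.IOException;
import javax.servlet.Servlet;
import javax.servlet.http.Cookie;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;

@Component(service = Servlet.class, property = {
        "sling.servlet.paths=/bin/example/logout", // hypothetical path
        "sling.servlet.methods=POST" })            // no logout via cross-site GET
@Designate(ocd = LogoutServlet.Config.class)
public class LogoutServlet extends SlingAllMethodsServlet {

    @ObjectClassDefinition(name = "Example logout servlet")
    public @interface Config {
        @AttributeDefinition(name = "Redirect target after logout (assumed property)")
        String redirectUrl() default "/";
    }

    private String redirectUrl;

    @Activate
    protected void activate(Config config) {
        redirectUrl = config.redirectUrl();
    }

    @Override
    protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        if (request.getCookie("login-token") != null) {
            // Overwrite the cookie with an empty, already-expired one.
            Cookie expired = new Cookie("login-token", "");
            expired.setMaxAge(0);
            expired.setPath("/");
            expired.setHttpOnly(true);
            expired.setSecure(true);
            response.addCookie(expired);
        }
        response.setHeader("Cache-Control", "no-store");
        // Fixed, configured target: never built from request parameters.
        response.sendRedirect(redirectUrl);
    }
}
```

Expiring the cookie ends only the AEM session; the session at the IdP stays alive until the browser reaches the IdP's own logout URL.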

 

Mike_eggs (Author)
Level 3
March 2, 2023

Thank you Krishna!

However, I hoped that AEM would provide a standard functionality for the SAML log out. Do you really have to implement the SLO yourself?

 

My expectation would be that we set the Log Out URL in the SAML Authentication Handler (/apps/ssp/osgiconfig/config.publish/com.adobe.granite.auth.saml.SamlAuthenticationHandler_saml.cfg) and then just call one "Special-URL", so that AEM performs the SAML log out automatically.


Anyone from Adobe here?

 

Thanks,

 

Mike

Mike_eggs (Author)
Level 3
March 2, 2023

You need to provide the IdP logout URL in the configuration.

 

Example for the Azure AD logout URL:

logoutUrl="https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0"
