Adobe LiveCycle (Archived)

Report · 6/16/08

Hi,

I have been able to get the Workspace Single Sign On feature to work, but now users can't logout of Workspace. It looks like the logout link logs the user out and redirects to the login page, which sees the SSO HTTP headers and logs the user back in.

Does anyone know of a way to correct this behavior?

Thanks.

Report · 6/17/08

This behaviour is as designed. If Workspace is configured for SSO then a Workspace logout has no real purpose. You would need to logout of the SSO session.

Report · 6/17/08

Is there a way to remove the "Logout" link from the top menu when single sign on is enabled?

Report · 6/17/08

Unfortunately there is no clean way to detect for SSO. The only thing I can propose is if this is a pure SSO environment then you can remove the logout button in Workspace and recompile/deploy the app.

kc · 6/30/08

I would like to know a litlle bit about how to setup the SSO for LC, is it possible to make it work with Windows domain logon?

Sincerely

Kim

chetanm_oct · 7/2/08

Yes with LC ES Update 1 (or 8.2.1) its possible to have SSO with Windows domain logon.

The documents explaining that are currently avialable through prerelease site. If you are part of pre-release program you can access it under documentation at User Management > Enabling SSO in LiveCycle ES > Enabling SSO using SPNEGO

Let us know if you require more details on that.

kc · 7/2/08

Hi again,

Thanks for the info - I have found the documentation that you mention, however I still need some help setting it up. I can not get a Kerberos connection set up correctly.

I have tried several times but get the same error each time:

HTTP Status 500 -

--------------------------------------------------------------------------------

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: Error calling FormActionhandler: testKerberosSettings_onClick reason: null

org.apache.struts.action.RequestProcessor.processException(RequestProcessor.java:535)

org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:433)

org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)

org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)

org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)

javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

javax.servlet.http.HttpServlet.service(HttpServlet.java:810)

com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)

com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)

com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:129)

org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)

root cause

java.lang.Exception: Error calling FormActionhandler: testKerberosSettings_onClick reason: null

com.cc.framework.adapter.struts.ActionUtil.handleFormAction(Unknown Source)

com.cc.framework.adapter.struts.FWAction.handleFormAction(Unknown Source)

com.cc.framework.adapter.struts.ActionUtil.execute(Unknown Source)

com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)

com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)

org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)

org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)

org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)

org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)

javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

javax.servlet.http.HttpServlet.service(HttpServlet.java:810)

com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)

com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)

com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:129)

org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)

I suspect that I have a problem with the setup of the SPN mapping for my Livecycle LDAP user, however I have run out of ideas for setting this up correctly.

Can you please help?

Thanks in advance

Sincerely

Kim

chetanm_oct · 7/3/08

This issue was earlier reported and was fixed in one of the later builds (Post RC 2). Try with a more recent build and then you would not face this issue

kc · 7/13/08

How can I get my hands on a newer build?

Can you give me a link or something?

Sincerely

Kim

Report · 7/17/08

The problem with not being able to logout of Workspace with SSO

enabled is the following:

1. establish SSO session as user A

2. access Workspace

3. terminate the SSO session

4. establish SSO session as a new user B

5. access Workspace agiain.

I now get logged into Workspace as the original user A, as Workspace

still thinks it has an active session with my browser. I guess the

SSO credentials are only checked at initial login, so the change

is not detected.

If I now logout of Workspace, it automatically logs me back in as

the correct user B.

chetanm_oct · 7/17/08

Can you clarify few points

1. How do you establish the SSO session

2. How do you terminate the SSO session

Your observation is however correct

Workspace would check and create a session for you once you "create a sso session". After that it does not rely on the "sso session" and instead creates a LiveCycle SSO session. So even if you "terminate" your sso session workspace would not detect it. You would have to explicitly logout from workspace to terminate your LiveCycle session

Report · 7/17/08

Hi John,

The intended behavior of Workspace SSO is to not ever allow a user to be in a logged out state unless the context from the point of login expires or is logged out. The fact that we still show the "logout" link when SSO is in use is unfortunate and something we will consider remedying in a future release.

Thanks,

Matt MacKenzie

Engineering Manager, LiveCycle Process Management

Report · 7/17/08

Ok.

My bigger issue right now is the fact that I can terminate my SSO

session with the Reverse Proxy (IBM WebSeal) and create a new SSO

session as a different user, and when I access Workspace again it

thinks I'm still the original user!

Report · 7/17/08

John,

That is a problem! Could you please log this with support, and feel free to ask them to consult with me (mattm AT adobe DOT com) on the issue.

Thanks, and apologies for the trouble you're having.

Thanks,

Matt

Adobe LiveCycle (Archived)

Can't Logout when Single Sign On is enabled

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe