Can't Logout when Single Sign On is enabled

Avatar

16-06-2008

Hi,



I have been able to get the Workspace Single Sign On feature to work, but now users can't logout of Workspace. It looks like the logout link logs the user out and redirects to the login page, which sees the SSO HTTP headers and logs the user back in.



Does anyone know of a way to correct this behavior?



Thanks.

Replies

Avatar

17-06-2008

This behaviour is as designed. If Workspace is configured for SSO then a Workspace logout has no real purpose. You would need to logout of the SSO session.

Avatar

17-06-2008

Is there a way to remove the "Logout" link from the top menu when single sign on is enabled?

Avatar

17-06-2008

Unfortunately there is no clean way to detect for SSO. The only thing I can propose is if this is a pure SSO environment then you can remove the logout button in Workspace and recompile/deploy the app.

Avatar

Avatar
Validate 1
Level 7
kc
Level 7

Likes

0 likes

Total Posts

402 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 7
kc
Level 7

Likes

0 likes

Total Posts

402 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile
kc
Level 7

30-06-2008

I would like to know a litlle bit about how to setup the SSO for LC, is it possible to make it work with Windows domain logon?



Sincerely

Kim

Avatar

Avatar
Boost 5
Level 3
chetanm_oct
Level 3

Likes

9 likes

Total Posts

72 posts

Correct reply

6 solutions
Top badges earned
Boost 5
Boost 3
Boost 1
Applaud 5
Affirm 5
View profile

Avatar
Boost 5
Level 3
chetanm_oct
Level 3

Likes

9 likes

Total Posts

72 posts

Correct reply

6 solutions
Top badges earned
Boost 5
Boost 3
Boost 1
Applaud 5
Affirm 5
View profile
chetanm_oct
Level 3

02-07-2008

Yes with LC ES Update 1 (or 8.2.1) its possible to have SSO with Windows domain logon.

The documents explaining that are currently avialable through prerelease site. If you are part of pre-release program you can access it under documentation at User Management > Enabling SSO in LiveCycle ES > Enabling SSO using SPNEGO



Let us know if you require more details on that.

Avatar

Avatar
Validate 1
Level 7
kc
Level 7

Likes

0 likes

Total Posts

402 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 7
kc
Level 7

Likes

0 likes

Total Posts

402 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile
kc
Level 7

02-07-2008

Hi again,



Thanks for the info - I have found the documentation that you mention, however I still need some help setting it up. I can not get a Kerberos connection set up correctly.



I have tried several times but get the same error each time:



HTTP Status 500 -



--------------------------------------------------------------------------------



type Exception report



message



description The server encountered an internal error () that prevented it from fulfilling this request.



exception



javax.servlet.ServletException: Error calling FormActionhandler: testKerberosSettings_onClick reason: null

org.apache.struts.action.RequestProcessor.processException(RequestProcessor.java:535)

org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:433)

org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)

org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)

org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)

javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

javax.servlet.http.HttpServlet.service(HttpServlet.java:810)

com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)

com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)

com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:129)

org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)



root cause



java.lang.Exception: Error calling FormActionhandler: testKerberosSettings_onClick reason: null

com.cc.framework.adapter.struts.ActionUtil.handleFormAction(Unknown Source)

com.cc.framework.adapter.struts.FWAction.handleFormAction(Unknown Source)

com.cc.framework.adapter.struts.ActionUtil.execute(Unknown Source)

com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)

com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)

org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)

org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)

org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)

org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)

javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

javax.servlet.http.HttpServlet.service(HttpServlet.java:810)

com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)

com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)

com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:129)

org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)



I suspect that I have a problem with the setup of the SPN mapping for my Livecycle LDAP user, however I have run out of ideas for setting this up correctly.



Can you please help?



Thanks in advance



Sincerely

Kim

Avatar

Avatar
Boost 5
Level 3
chetanm_oct
Level 3

Likes

9 likes

Total Posts

72 posts

Correct reply

6 solutions
Top badges earned
Boost 5
Boost 3
Boost 1
Applaud 5
Affirm 5
View profile

Avatar
Boost 5
Level 3
chetanm_oct
Level 3

Likes

9 likes

Total Posts

72 posts

Correct reply

6 solutions
Top badges earned
Boost 5
Boost 3
Boost 1
Applaud 5
Affirm 5
View profile
chetanm_oct
Level 3

03-07-2008

This issue was earlier reported and was fixed in one of the later builds (Post RC 2). Try with a more recent build and then you would not face this issue

Avatar

Avatar
Validate 1
Level 7
kc
Level 7

Likes

0 likes

Total Posts

402 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 7
kc
Level 7

Likes

0 likes

Total Posts

402 posts

Correct reply

0 solutions
Top badges earned
Validate 1
View profile
kc
Level 7

13-07-2008

How can I get my hands on a newer build?



Can you give me a link or something?



Sincerely

Kim

Avatar

17-07-2008

The problem with not being able to logout of Workspace with SSO

enabled is the following:



1. establish SSO session as user A

2. access Workspace

3. terminate the SSO session

4. establish SSO session as a new user B

5. access Workspace agiain.



I now get logged into Workspace as the original user A, as Workspace

still thinks it has an active session with my browser. I guess the

SSO credentials are only checked at initial login, so the change

is not detected.



If I now logout of Workspace, it automatically logs me back in as

the correct user B.