Expand my Community achievements bar.

Can't Logout when Single Sign On is enabled

Avatar

Community user
‎16-06-2008 05:52 PDT
Hi,



I have been able to get the Workspace Single Sign On feature to work, but now users can't logout of Workspace. It looks like the logout link logs the user out and redirects to the login page, which sees the SSO HTTP headers and logs the user back in.



Does anyone know of a way to correct this behavior?



Thanks.

Views

4.4K

Replies

13

Total Likes

Translate
Translate
13 Replies

Avatar

Community user
‎17-06-2008 06:50 PDT
This behaviour is as designed. If Workspace is configured for SSO then a Workspace logout has no real purpose. You would need to logout of the SSO session.

Views

403

Replies

0

Total Likes

Translate
Translate

Avatar

Community user
‎17-06-2008 07:36 PDT
Is there a way to remove the "Logout" link from the top menu when single sign on is enabled?

Views

403

Replies

0

Total Likes

Translate
Translate

Avatar

Community user
‎17-06-2008 09:36 PDT
Unfortunately there is no clean way to detect for SSO. The only thing I can propose is if this is a pure SSO environment then you can remove the logout button in Workspace and recompile/deploy the app.

Views

403

Replies

0

Total Likes

Translate
Translate

Avatar

Level 8
Level 8
‎30-06-2008 07:00 PDT
I would like to know a litlle bit about how to setup the SSO for LC, is it possible to make it work with Windows domain logon?



Sincerely

Kim

Views

403

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
‎02-07-2008 04:22 PDT
Yes with LC ES Update 1 (or 8.2.1) its possible to have SSO with Windows domain logon.

The documents explaining that are currently avialable through prerelease site. If you are part of pre-release program you can access it under documentation at User Management > Enabling SSO in LiveCycle ES > Enabling SSO using SPNEGO



Let us know if you require more details on that.

Views

403

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 8
Level 8
‎02-07-2008 22:39 PDT
Hi again,



Thanks for the info - I have found the documentation that you mention, however I still need some help setting it up. I can not get a Kerberos connection set up correctly.



I have tried several times but get the same error each time:



HTTP Status 500 -



--------------------------------------------------------------------------------



type Exception report



message



description The server encountered an internal error () that prevented it from fulfilling this request.



exception



javax.servlet.ServletException: Error calling FormActionhandler: testKerberosSettings_onClick reason: null

org.apache.struts.action.RequestProcessor.processException(RequestProcessor.java:535)

org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:433)

org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)

org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)

org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)

javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

javax.servlet.http.HttpServlet.service(HttpServlet.java:810)

com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)

com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)

com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:129)

org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)



root cause



java.lang.Exception: Error calling FormActionhandler: testKerberosSettings_onClick reason: null

com.cc.framework.adapter.struts.ActionUtil.handleFormAction(Unknown Source)

com.cc.framework.adapter.struts.FWAction.handleFormAction(Unknown Source)

com.cc.framework.adapter.struts.ActionUtil.execute(Unknown Source)

com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)

com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)

org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)

org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)

org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)

org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)

javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

javax.servlet.http.HttpServlet.service(HttpServlet.java:810)

com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)

com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)

com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:129)

org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)



I suspect that I have a problem with the setup of the SPN mapping for my Livecycle LDAP user, however I have run out of ideas for setting this up correctly.



Can you please help?



Thanks in advance



Sincerely

Kim

Views

403

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
‎03-07-2008 22:53 PDT
This issue was earlier reported and was fixed in one of the later builds (Post RC 2). Try with a more recent build and then you would not face this issue

Views

403

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 8
Level 8
‎13-07-2008 23:31 PDT
How can I get my hands on a newer build?



Can you give me a link or something?



Sincerely

Kim

Views

403

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community user
‎17-07-2008 03:47 PDT
The problem with not being able to logout of Workspace with SSO

enabled is the following:



1. establish SSO session as user A

2. access Workspace

3. terminate the SSO session

4. establish SSO session as a new user B

5. access Workspace agiain.



I now get logged into Workspace as the original user A, as Workspace

still thinks it has an active session with my browser. I guess the

SSO credentials are only checked at initial login, so the change

is not detected.



If I now logout of Workspace, it automatically logs me back in as

the correct user B.

Views

403

Replies

0

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
‎17-07-2008 04:08 PDT
Can you clarify few points



1. How do you establish the SSO session

2. How do you terminate the SSO session



Your observation is however correct



Workspace would check and create a session for you once you "create a sso session". After that it does not rely on the "sso session" and instead creates a LiveCycle SSO session. So even if you "terminate" your sso session workspace would not detect it. You would have to explicitly logout from workspace to terminate your LiveCycle session

Views

272

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community user
‎17-07-2008 05:29 PDT
Hi John,



The intended behavior of Workspace SSO is to not ever allow a user to be in a logged out state unless the context from the point of login expires or is logged out. The fact that we still show the "logout" link when SSO is in use is unfortunate and something we will consider remedying in a future release.



Thanks,

Matt MacKenzie

Engineering Manager, LiveCycle Process Management

Views

272

Replies

0

Total Likes

Translate
Translate

Avatar

Community user
‎17-07-2008 11:52 PDT
Ok.



My bigger issue right now is the fact that I can terminate my SSO

session with the Reverse Proxy (IBM WebSeal) and create a new SSO

session as a different user, and when I access Workspace again it

thinks I'm still the original user!

Views

272

Replies

0

Total Likes

Translate
Translate

Avatar

Community user
‎17-07-2008 12:07 PDT
John,



That is a problem! Could you please log this with support, and feel free to ask them to consult with me (mattm AT adobe DOT com) on the issue.



Thanks, and apologies for the trouble you're having.



Thanks,

Matt

Views

272

Replies

0

Total Likes

Translate
Translate