Two ways to log off a user

book

Article ID: 14590

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

CA SSO provides functionality of that a user is completely logged off from a user session.



A file "msrlogout.fcc" exists under the <webagent_install>/samples/forms directory.

 

The content of "msrlogout.fcc": 

@smlogout=true
@target=/servlet/MSR/admin/launch.html

 

What functionality does the file "msrlogout.fcc" provide?

Environment

All supported Web Agent

Resolution

There is a well known ACO parameter LogOffUri to log off a user from the session.

 

On the other hand, Web Agent Configuration Guide explains "Comprehensive Log Out using FCC Forms". The file "msrlogout.fcc" is an example of it. This method provides an alternative to the LogoffUri parameter.

This file contains both the @smlogout directive and the @target directive. When the user retrieves the logout file, they are logged out and redirected to the location specified in the @target directive.

The user may access the below URL to log off the session.

http://servername.example.com/siteminderagent/forms/msrlogout.fcc

 

As a summary, in order to enable log off function, you may make use of either LogOffUri OR FCC Forms, but not in mixed. (i.e., do not set msrlogout.FCC to LogoffURI.)

 

Notes:

  1. When logged off by FCC Forms such as "msrlogout.fcc", the trusted host name is written in audit log (smaccess.log), instead of agent name.
    AuthLogout PS20 [05/Jun/2017:10:43:15 +0900] "192.168.50.20 Robm" "iis-trustedhost" [] [41]  [] []
  2. If you want to log off a user from multiple cookie domains, use an ACO parameter LogOffUri as documented in "Configure Full Logoff".

Additional Information

Documentation: Comprehensive Log Out

  • See the section "Configure Full Logoff" for ACO parameter LogOffUri .
  • See the section "Configure Comprehensive Log Out using FCC Forms" for FCC based method.

Community page: SiteMinder logout flow