Could be possible to define more than one global disconnection URI in LogoffUri parameter?
search cancel

Could be possible to define more than one global disconnection URI in LogoffUri parameter?

book

Article ID: 51427

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

Yes, there is only one LogoffURI value per Agent Configuration Object but :

  1. It is possible to have different LogoffURI values on different webservers,
  2. Also the LogoutURI parameter is also pattern match prefix, so for instance you can specify:

              LogoutURI= /siteminderagent/forms/logout

              And that will match both:

              /siteminderagent/forms/logout.html
              /siteminderagent/forms/logoutspecial.html

              Each will perform the siteminder logout function.

Solution:

Yes, you can only define one LogoutURI value per Agent Configuration Object but :

  1. It is possible to have different LogoutURI values on different webservers, since each will usually have a separate ACO object for each distinct webagent.
  2. Also the LogoutURI parameter is also pattern match prefix, so for instance you can specify:

              LogoutURI= /siteminderagent/forms/logout

              And that will match both:

              /siteminderagent/forms/logout.html
              /siteminderagent/forms/logoutspecial.html

              Each will perform the siteminder logout function.

              That way you have a number of targets that will match and perform the Siteminder logout function,
              but can then perform different functions or display different logout pages as you require.

Other Information that may be on interest:

The Siteminder logout function essentially deletes the SMSESSION cookie value. Since in some cases the normal way to delete browser session cookies can fail (with some older IE versions). The SMSESSION cookie is set to SMSESSION=LOGGEDOFF

The common problem is usually to provide a post logout page, that either returns to a different page depending upon where the user came from, often done by a redirect back to a page based on where the user came from, or the page wants different branding depending upon where it came from.

Although most of this can be done by the above, at times customers have written their own routines, sometimes in javascript run at the browser end to set or delete the SMSESSION cookie values.

Another trick, is the loading of the logout URL into a component on a page, such as into a hidden image rather than re-directing the whole users browser to the logout URI. This will effectively run the Siteminder logout process, but allow the designer to embed the single Siteminder logout reference on any number of web pages.

Environment

Release:
Component: SMPLC
Powered by Wolken Software