Logout pages on IDP server not executed when logging out of ADFS server using ws-fed

This document (7013197) is provided subject to the disclaimer at the end of this document.

Environment

NetIQ Access Manager 3.2
ADFS with ws-federation protocol enabled
NetIQ Identity Server acting as a ws-federation Service Provider

Situation

With no remote authentications, we can do our local login and logout using /nidp/app/plogout so that the logoutSuccess.jsp gets executed.

When doing a remote authentication via ws-fed, the logout seems to fail and the logoutSuccess.jsp page is not executed. The user hits the NAM Identity server and clicks on the ws-fed authentication card, which then generates the login request to the ADFS ws-federation Identity server. After the user has logged in successfully via the ADFS login page, the user is successfully redirected back to the NAM Identity server portal page.

When the user tries to log out of the ADFS Identity Server, the session on the NAM Identity server does not get logged out. The ADFS server tries to log the user out via the /nidp/wsfed/term path, but this fails to actually log the user out.

Resolution

Single logout (invoked from either the IDP or SP side) only works if the logout URL defined for the NAM Identity server is either
- "/nidp/wsfed/spassertion_consumer" or
- "/nidp/wsfed/ep"

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7013197
  • Creation Date: 03-SEP-13
  • Modified Date: 03-SEP-13
    • NetIQ Access Manager (NAM)
