tx49w (tx49w) asked a question.
Saml 2.0 Single logout logging me back in after logging out.
I have a simple web application that uses saml for authentication and saml/slo(SingleLogout) for Logout. I am using the default okta provided page for logging. when the user logs out of the application, the call to the single logout is made and we are re-directed to the login page, but we again then get logged back in without asking for credentials. The application is again logging us back in. we verified that the session from our application is being cleared. Is Okta clearing the user session? Why is this happening?
Hi Rabbani,
Is the Okta session terminated as well? If you open another tab with the Okta URL do you get an authentication prompt or you're already logged in (if that's not happening most likely your SLO is not working)? Also, do you have IWA enabled (IWA will automatically log you back in and renew both sessions)?
In this case, the best option would be to open a support case for further troubleshooting.
Thank You,
Alexandru Moraru
Technical Support Engineer
Okta Global Customer Care
I am not using DSSO / Okta IWA. The logout call is SP initiated. When I open another tab with Okta URL, I do not get an authentication prompt and am already logged in. I see that sid is not being cleared by okta in the response to saml logout request.
I hope DSSO might be enabled. You need to provide an other SLO URL. This will fix the issue.