This section contains the following topics:
How to Configure Full Logoff for Single Sign-on
Configure Comprehensive Log Out using FCC Forms
Full logoff support enables a Web developer to make sure that a user is completely logged off from a user session. This protects resources because it gives users a way to end a session without exiting the Web browser and prevents an unauthorized person from assuming control of an open session.
A full logoff uses the following process:
The user is completely logged off.
The full log-out feature uses a custom log-out page that you create with the following parameter:
Enables the full log-out function by specifying the URI of a custom web page. This custom web page appears to users after they are successfully logged off. Configure this page so that it cannot be stored in a browser cache. Otherwise, a browser could possibly display a log-out page from its cache without logging the user off. If this situation happens, unauthorized users could possibly have an opportunity to assume control of a session.
Note: When the CookiePath parameter is set, the value of the LogOffUri parameter must point to the same cookie path. For example, if the value of your CookiePath parameter is set to example.com, then your LogOffUri must point to example.com/logoff.html
Default: (all agents except the CA SiteMinder® Agent for SharePoint r12.0.3.0) No default
Limits: Multiple URI values permitted. Do not use a fully qualified URL.Use a relative URI.
Example:(all agents except the CA SiteMinder® Agent for SharePoint r12.0.3.0) /Web pages/logoff.html
Follow these steps:
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
Important! Some web browsers do not support meta tags. Use a cache-control HTTP header instead.
The full log-out feature is configured.
In a single sign-on environment, the session cookies are removed only from the local cookie domain and the cookie provider domain associated with the Web Agent. For single sign-on across multiple cookie domains, the full log-off feature of CA SiteMinder® does not automatically log a user off across all the cookie domains that the user has visited.
To configure log-offs across multiple cookie domains, use the following process:
The following illustration shows an example of using a centralized log-off page:
Note: You can also place the hyperlinks inside <iframe> tags instead of <frame> tags.
If you use FCC forms to authenticate your users, you can configure a comprehensive log out with your FCC form. This method provides an alternative to the LogoffUri parameter.
Follow these steps:
web_agent_home/samples/forms
Indicates the directory where the CA SiteMinder® Agent is installed.
Default (Windows 32-bit installations of CA SiteMinder® Web Agents only): C:\Program Files\CA\webagent
Default (Windows 64-bit installations [CA SiteMinder® Web Agents for IIS only]): C:\Program Files\CA\webagent\win64
Default (Windows 32-bit applications operating on 64-bit systems [Wow64 with CA SiteMinder® Web Agents for IIS only]): C:\Program Files (x86)\webagent\win32
Default (UNIX/Linux installations): /opt/ca/webagent
@smlogout=true @target=http://server_name.example.com/directory/your_logout_page.html
Note: your_logout_page indicates a custom html page you create to inform users that they have logged out.
Comprehensive logout using FCC forms is configured.
Copyright © 2014 CA.
All rights reserved.
|
|