Agent for SharePoint Guide › Advanced Options › How to Configure Single Logout on SharePoint 2010 › Disable Client Loopback › Leave the Sign-out Service URL Unprotected
Leave the Sign-out Service URL Unprotected
As a policy administrator who manages the polices on the Policy Server, leave the sign-out service URL unprotected. Leaving the sign-out service URL unprotected prevents a security challenge from appearing during the single logout process.
Follow these steps:
- Click Infrastructure, Agent, Agent Groups.
- Select the FederationWebServicesAgentGroup name in the agent groups list and click Modify.
- Click Add/Remove.
- Select the agent you want to add to the agent group from the list of Available Members, and click the right-facing arrows.
- Click OK, Submit.
- Click Policies, Domain.
- Select FederationWebServicesDomain, and click Modify.
- Click Realms.
- Select the public realm and click Modify.
- Ensure that the Unprotected option is selected in the Default Resource Protection field. If not, select the Unprotected option.
- Click the Resource Filter field and add the following text:
/affwebservices/spsignout.jsp
- Click Finish.
- Repeat Steps 1 through 12 for each policy domain or application policy (EPM) protecting your SharePoint web applications.
The sign-out service URLs are unprotected. Continue with the next step of leaving the confirmation URL unprotected.
Leave the Confirmation Page Unprotected
As a policy administrator who manages the polices on the Policy Server, the next step in configuring single logout is leaving the confirmation page unprotected.
Leaving the confirmation page unprotected prevents a security challenge from appearing during the single logout process.
Follow these steps:
- Pick the appropriate procedure for your type of policy from the following list:
- If you use policy domains, go to Step 2.
- If you use application policies (EPM), go to Step 4.
- Leave the confirmation page unprotected in your policy domain with the following steps:
- Click Policies, Domain, Realms.
- Click Create Realm
- Verify that the domain with your SharePoint web applications is selected and then click Next.
- Enter a name and optional description for the new realm.
- Click the Lookup Agent/Agent Group button, and then add the agent object that protects your SharePoint web applications.
- Click the resource filter field, and then add the following text:
affwebservices/spsignoutconfirmurl.jsp
- Click the Unprotected option button.
- Click Finish.
- Repeat Steps 2a through 2h for each policy domain protecting your SharePoint web applications.
- Leave the confirmation page unprotected in your application policy (EPM) with the following steps:
- Click Policies, Application, Applications.
- Click the edit icon of the application that protects your SharePoint web applications.
- Verify that the General tab is selected, and then click Create Component.
- Enter a name for the component.
- Click the Lookup Agent/Agent Group button, and then add the agent object that protects your SharePoint web applications.
- Click the resource filter field, and then add the following text:
affwebservices/spsignoutconfirmurl.jsp
- Click the Unprotected option button.
- Click OK.
- Click Submit.
- Repeat Steps 4a through 4i for each application policy (EPM) protecting your SharePoint web applications.
The confirmation pages are unprotected. Have your SharePoint administrator continue with the next step of enabling single logout by running the SharePoint connection wizard.
Enable Single Logout by Running the SharePoint Connection Wizard
As an agent owner who is responsible for running the system that hosts the CA SiteMinder Agent for SharePoint, run the SharePoint connection wizard to finish enabling single logout.
Follow these steps:
- Edit the existing connection using the Connection Wizard with the following steps:
- Log in to the server that runs your Agent for SharePoint.
- Navigate to the following directory:
Agent-for-SharePoint_home/sharepoint_connection_wizard
- Agent-for-SharePoint_Home
-
Indicates the directory where the CA SiteMinder Agent for SharePoint is installed.
Default: (Windows) [32-bit] C:\Program Files\CA\Agent-for-SharePoint
Default: (Windows) [64-bit] C:\CA\Agent-for-SharePoint
Default: (UNIX/Linux) /opt/CA/Agent-for-SharePoint
- Do the appropriate step for your operating environment:
- Windows: Right-click the executable and then pick Run as administrator.
- Solaris: sh ./ca-spconnect-version_number-sol.bin
- Linux: sh ./ca-spconnect-version_number-rhel30.bin
The SharePoint Connection wizard starts.
- Click Next.
The Login Details screen appears.
- Enter the following login for the Policy Server.
- Policy Server Name
-
Specifies the Policy Server name or IP address.
- Username
-
Specifies the Policy Server administrator username.
- Password
-
Specifies the Policy Server administrator password.
- Agent Name
-
Specifies the Agent-4x. The connection with the Policy Server is established using the details given in the Agent Name.
- Shared Secret Key
-
Specifies the shared secret key that is associated with the Agent.
- Click Next
The Select Action screen appears.
- Select Edit a SharePoint Connection option.
- Click Next.
The SharePoint Connection Properties screen appears.
- Click through the wizard until you reach the Single Logout Configuration screen.
- Select the Enabled SignOut check box.
- Click the CleanUp URL field and then type the cleanup URLs from all of your protected web applications.
Note: Separate multiple URLs with semi-colons.
- Click the Confirm URL field and type the confirmation pages (URLs) from all of your protected web applications. Use the following examples as a guide:
http://marketing.example.com/affwebservices/spsignoutconfirmurl.jsp;
http://development.example.com/affwebservices/spsignoutconfirmurl.jsp
Note: Separate multiple URLs with semi-colons.
- Click through the wizard until the Commit Details screen appears.
- Click Install.
The Save Complete screen appears.
- Click Done.
The SharePoint connection wizard closes. Single logout is enabled.
Copyright © 2013 CA.
All rights reserved.
|
|