Web Agent Guides › Web Agent Configuration Guide › Single Sign-On (SSO) › How Full Logoff Works › How to Configure Full Logoff for Single Sign-on
How to Configure Full Logoff for Single Sign-on
In a single sign-on environment, the session cookies are removed only from the local cookie domain and the cookie provider domain associated with the Web Agent. For single sign-on across multiple cookie domains, the full log-off feature of SiteMinder does not automatically log a user off across all the cookie domains that the user has visited.
To configure log-offs across multiple cookie domains, use the following process:
- Create one centralized log-off page that contains separate frames (or iframes) for the other cookie domains in your SSO environment. These frames can be a small size, such as 1x1 pixels.
- For each frame of the centralized log-off page in Step one, add a hyperlink to the Logoff URI of the associated cookie domain. For example, if you have two other cookie domains, example.org and example.net, you would do the following steps:
- Add a hyperlink to the Logoff URI of example.org to one frame.
- Add a hyperlink to the Logoff URI of example.net to the other frame.
- Configure the LogoffURI of the cookie provider domain to point to the centralized log-off page. When the web server loads this log off page, the frames in the centralized log-off page call the logoff pages from the other cookie domains. The user is logged off from all the cookie domains at once.
The following illustration shows an example of using a centralized log-off page:
Note: You can also place the hyperlinks inside <iframe> tags instead of <frame> tags.
