Web Agent Guides › Web Agent Configuration Guide › Single Sign-On (SSO) › How Full Logoff Works › Configure Full Logoff

Configure Full Logoff

Full logoff uses a custom logoff page that you create along with the following parameter:

• LogOffUri

  Enables full log off and specifies the location of a custom web page on your web server that appears to users after they are successfully logged off. You must configure this page so that it cannot be stored in a browser cache. Otherwise, a browser may display a logoff page from its cache without logging the user off. This may give an unauthorized user an opportunity to assume control of a session.

  Note: When the CookiePath parameter is set, the value of the LogOffUri parameter must point to the same cookie path. For example, if the value of your CookiePath parameter is set to example.com, then your LogOffUri must point to example.com/logoff.html

  Default: No default

  Limits: Do not use a fully qualified URL.You must use a relative URI.

  Example: /Web pages/logoff.html

To configure full logoff

1. Create a custom HTTP application to log the user off, for example, add an Exit or Sign Off button that redirects the user to a URL you specify.
2. To make sure that an HTML logoff page is loaded from the web server and not from the browser's cache, set up the logoff page so it cannot be cached in the browser. For example, for HTML pages, you can add the following meta tags to the page:

   <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   

   <META HTTP-EQUIV="Expires" CONTENT="-1">
   

   Important! Meta tags may not always work with an Internet Explorer browser. In this case, use a cache-control HTTP header.

3. Configure the LogOffURI parameter with the following steps:
   1. Delete the pound sign (#), if necessary.
   2. Enter the URI of the custom HTTP file that will log the user off. Do not enter a fully qualified URL.

      Full logoff is configured.