Solution 6: WS-Federation Signout

Solution 6 illustrates how SiteMinder Federation Security Services can be employed to solve Use Case 6: WS-Federation Signout.

In this solution:

WS-Federation signout is enabled using the FSS Administrative UI at the Account Partner and the Resource Partner.

The following figure illustrates WS-Federation sign-out.

Figure: WS-Federation signout solution

Note: The SPS federation gateway can replace the Web Agent and Web Agent Option Pack to provide the SiteMinder Federation Web Services application functions. For information about installing and configuring the SPS federation gateway, see the CA SiteMinder Secure Proxy Server Administration Guide.

The sequence of events is as follows:

  1. An employee performs single sign-on between smcompany.com and ahealthco.com. As a result, smcompany.com places information about ahealthco.com in its session server. Ahealthco.com places information about smcompany.com in its session server.
  2. After the employee has finished looking at her health benefits, she clicks a log-out link at the Account Partner, which calls the signout servlet at the Account Partner.
  3. The user's session is terminated from the Account Partner's session store and all references to Resource Partners for that user are also removed from the session store.
  4. The Account Provider retrieves a SignoutConfirm JSP page, which includes a Signout Cleanup URL for each Resource Partner.

    The SignoutConfirm page generates a frame-based HTML page in which each frame contains the Signout Cleanup URL of one Resource Partner associated with the user session.

  5. The user's browser then accesses the Signout Cleanup URL at ahealthco.com and the user's session is removed from the session store.
  6. The user's browser is finally sent back to the Account Partner.

Steps 4-6 are performed simultaneously for each Resource Partner, so that the user session is signed out completely.
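The sequence above can be modeled in a few lines. This is an added example, not SiteMinder code: the class names, session IDs, and the cleanup endpoint path are assumptions, and `iframe` elements stand in for the frames of the SignoutConfirm page. It emits a frame only for a registered Resource Partner with an https endpoint, and the Resource Partner acts only on the WS-Federation `wsignoutcleanup1.0` action.

```python
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed registry: Resource Partner ID -> cleanup endpoint (hypothetical path).
CLEANUP_ENDPOINTS = {"ahealthco.com": "https://www.ahealthco.com/fed/signoutcleanup"}


def cleanup_url(partner_id):
    """Return the cleanup URL for a registered partner, or None."""
    base = CLEANUP_ENDPOINTS.get(partner_id)
    if base is None or urlsplit(base).scheme != "https":
        return None  # never emit a frame for an unknown or non-TLS target
    # wa=wsignoutcleanup1.0 is the WS-Federation sign-out cleanup action
    return base + "?" + urlencode({"wa": "wsignoutcleanup1.0"})


class AccountPartner:
    def __init__(self):
        self.sessions = {}  # session id -> Resource Partner IDs seen during SSO

    def record_sso(self, sid, partner_id):  # step 1
        self.sessions.setdefault(sid, set()).add(partner_id)

    def signout(self, sid):
        partners = self.sessions.pop(sid, set())  # step 3: session and references removed
        urls = [u for u in map(cleanup_url, sorted(partners)) if u]
        frames = ['<iframe src="%s"></iframe>' % escape(u, quote=True) for u in urls]
        return "<html><body>\n%s\n</body></html>" % "\n".join(frames)  # step 4


class ResourcePartner:
    def __init__(self):
        self.sessions = set()  # session ids held in this partner's session store

    def handle_cleanup(self, sid, url):  # step 5
        wa = parse_qs(urlsplit(url).query).get("wa", [""])[0]
        if wa != "wsignoutcleanup1.0":
            return False  # ignore requests that are not a cleanup action
        self.sessions.discard(sid)
        return True


if __name__ == "__main__":
    ap, rp = AccountPartner(), ResourcePartner()
    ap.record_sso("s1", "ahealthco.com")
    rp.sessions.add("rp-s1")
    print(ap.signout("s1"))
    print(rp.handle_cleanup("rp-s1", cleanup_url("ahealthco.com")), rp.sessions)
```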


Copyright © 2010 CA. All rights reserved.