Previous Topic: Configuring Persistent Attributes Works Correctly for SAML 2.0 (137052)Next Topic: SessionNotOnOrAfter Parameter Could Not Be Modified (128759,109961)

Release NotesFederation Security Services Release NotesFixes in r12 SP3Updated Session Index Causes Single Logout to Fail (123496)

Updated Session Index Causes Single Logout to Fail (123496)

Symptom:

A user authenticates at the IdP and is redirected back to the SP with an assertion. If the user clicks the browser back button upon returning to the SP, the session index is updated and stored in the SP session store.

When the user logs out, SiteMinder uses the session index from the original assertion, resulting in a session index mismatch. Single logout, if configured, fails.

Solution:

A new setting named Reuse Session Index has been added to the Single Logout tab of the SAML 2.0 Service Provider Properties. Enable this option so single log out works with third-party partners that do not honor the session index passed in newer assertions.

STAR Issue: 19613507-1