Agent Guides › SAML Affiliate Agent Guide › Configure Affiliate Settings › Configure SiteMinder Sessions for Federated Single Sign-on › Log Users Out from a Session

Log Users Out from a Session

The LogOffURI attribute enables the SAML Affiliate Agent to log a user out of a session. This attribute must be set to a single URI that is present on the affiliate Web server. When a user logs out at the consumer, the SAML Affiliate Agent removes the consumer profile and session cookies and, in the case of a shared session, sends a logoff notification to the producer session server indicating that the session has ended at the consumer.

If you are using this feature for a Default session model, be aware of the following:

• The LogoffURI should be treated as a protected resource. To do this, include the URI in the AffiliateResource attribute.
• Because the consumer and producer maintain separate sessions in the Default model, users may be unaware that they have been logged out of an consumer session if the producer session is still active. If a user logs off at the consumer site, the SAML Affiliate Agent invalidates only the consumer session cookie. At the next request for a protected resource at the consumer, the user is sent back to the producer. If the producer session is still valid, the user receives new consumer cookies without being rechallenged by the producer.

  Comprehensive information about redirects between the consumer and producer are included in the SAML Affiliate Agent’s log file.

To specify a LogOffURI, enter a URI. For example:

<LogoffURI>/protected/logoff.html</LogoffURI>

Note: This element can only be used with a default or shared session.