1 Reply Latest reply on Mar 31, 2014 10:35 AM by Anil Saldanha

    Picketlink single sign off

    Igor Hevčuk Newbie

      I am relatively new to PicketLink, and so far I have deployed one application as the IDP and sales.war as the service provider. Everything works fine except for one thing. The scenario is as follows:

      1. I log in to my IDP, and the index page of the IDP app is shown. OK, expected.
      2. I try to access a page in the service provider application. OK, the login page didn't appear (because I am logged in to the IDP), and the requested page is shown. Expected.
      3. Now I hit the logout button in my IDP app; the session is invalidated and I am logged out of the IDP. Expected.
      4. Now if I try to access a page in the service provider app, the page is shown without a login screen. This behaviour is unexpected for me because I want to be redirected to the IDP login page again, as I don't have a session anymore.


      I am using JBoss 7.1.1 and PicketLink 2.1.8.Final. Thanks!

        • 1. Re: Picketlink single sign off
          Anil Saldanha Master

          In the IDP-initiated SSO use case as you are describing, the Service Provider is reached via the IDP, and the SP creates its own session independent of the IDP.  So if you log out at the IDP, it is not reflected at the SP.

          Best is to undertake Service Provider-initiated SSO, where the user reaches the SP first, and then hitting logout at the SP will invalidate all sessions (at the SPs and the IDP).
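
The session behaviour discussed in this thread, as an added example that is not part of either post and is not PicketLink code: a simplified model of independent IDP and SP sessions, comparing a logout that only ends the IDP session with one that is propagated to every participating SP. All class, method and user names are hypothetical.

```python
# Simplified session model (constructed for illustration, not PicketLink code).
class ServiceProvider:
    def __init__(self, name):
        self.name = name
        self.sessions = set()            # users with a live local SP session

    def access(self, user, idp):
        """Return 'page' if the user may see the page, else 'login'."""
        if user in self.sessions:        # the SP checks its own session first
            return "page"
        if idp.issue_assertion(user, self):
            self.sessions.add(user)      # SP session created from the assertion
            return "page"
        return "login"

    def handle_logout_request(self, user):
        self.sessions.discard(user)

    def global_logout(self, user, idp):
        """Logout started at the SP: ask the IDP to end every session."""
        idp.single_logout(user)


class IdentityProvider:
    def __init__(self):
        self.sessions = set()
        self.participants = {}           # user -> SPs that received an assertion

    def login(self, user):
        self.sessions.add(user)

    def issue_assertion(self, user, sp):
        if user not in self.sessions:
            return False
        self.participants.setdefault(user, set()).add(sp)
        return True

    def local_logout(self, user):
        """Ends only the IDP session (steps 3 and 4 of the question)."""
        self.sessions.discard(user)

    def single_logout(self, user):
        """Notify every participating SP, then end the IDP session."""
        for sp in self.participants.pop(user, set()):
            sp.handle_logout_request(user)
        self.sessions.discard(user)


def scenario(logout):
    """Log in, visit the SP, run `logout`, visit the SP again."""
    idp, sp = IdentityProvider(), ServiceProvider("sales")
    idp.login("alice")                   # constructed sample user
    before = sp.access("alice", idp)
    logout(idp, sp, "alice")
    return before, sp.access("alice", idp)
```
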