SAML 1.1 SSO Authenticated Session Is Not Properly Terminated When Logging Out
(Doc ID 1380995.1)
Last updated on JUNE 10, 2022
Applies to: Oracle WebLogic Server - Version 10.0 and later
Information in this document applies to any platform.
SAML 1.1 works without issues, except that it fails in the following scenario:
If a user logs out, ending the session, and then tries another SAML SSO without restarting the browser first, the SAML SSO goes into a loop. The ACS ("Assertion Consumer Service") of the destination receives the SAML token without a problem, validates it, and logs the user in with the subject data it found. The ACS then tries to redirect the request to the target application. Somehow the target application rejects this request, and the flow is redirected back to the Identity Provider URL. It looks like the SAML SSO authenticated session of the destination application is not properly terminated. Finally, the SAML SSO succeeds after it has looped for some minutes. Sometimes it takes five minutes, sometimes less.