SAML 1.1 SSO Authenticated Session Is Not Properly Terminated When Logging Out

(Doc ID 1380995.1)

Last updated on DECEMBER 05, 2016

Applies to:

Oracle WebLogic Server - Version: 10.0 and later [Release: and later]
Information in this document applies to any platform.

Symptoms

SAML 1.1 works fine, no issues, except that it fails in a scenario as follows:

If a user logs out, ending the session, and then attempts another SAML SSO login without restarting the browser, the SAML SSO flow loops. The Assertion Consumer Service (ACS) of the destination receives the SAML token without problem, validates it, and logs the user in with the subject data it finds. The ACS then tries to redirect the request to the target application. The target application rejects this request for some reason, and the flow is redirected back to the Identity Provider URL. It looks as if the SAML SSO authenticated session of the destination application is not properly terminated. Eventually the SAML SSO succeeds after looping for several minutes; sometimes it takes five minutes, sometimes less.

Cause
