OIF SAML 2.0 Global SSO Logout Is Not Performed With SalesForce Peer Provider
(Doc ID 1902478.1)
Last updated on AUGUST 09, 2018
Applies to:Oracle Identity Federation - Version 220.127.116.11 and later
Information in this document applies to any platform.
Oracle Identity Federation (OIF) does not perform SAMl 2.0 Global Single Logout (SLO) with SalesForce peer provider.
OIF 11g is configured with Oracle Access Manager (OAM) 11g as authentication engine.
OIF is configured as Identity Provider (IdP) with SalesForce as Service Provider (SP).
OIF Single Sign On (SSO) to Salesforce SP applications is successful.
However when Logout is initiated from the OAM application in the IdP domain the user is not logged out of the SalesForce SP domain. Access to the SalesForce application in the same browser session after OAM/OIF logout does not prompt for login.
Also when Logout is initiated from the SalesForce application in the SP domain the user is not logged out of OIF and OAM in the IdP domain. Access to an OAM-protected application in the same browser session does not prompt for OAM login.
Example Steps to reproduce
1. Access any OAM-protected application in the IdP domain e.g. Oracle Analytics and login.
2. Access a link that triggers OIF IdP-initiated SSO with the SalesForce SP i.e. http(s)://OIFHOST.DOMAIN:PORT/fed/idp/initiatesso?providerid=https://spapp.salesforce.com
3. Return to the Analytics application for more user activity.
4. Click Logout in Analytics.
5. Analytics calls OAM SSO logout.
6. OAM expires the OAM cookies and redirects to OIF logout at http(s)://OIFHOST.DOMAIN:PORT/fed/user/authnslooam11g
7. OIF expires the OIF session cookie and redirects back to the Analytics application
==> there is no SAML Logout request sent to the SalesForce SP by OID IdP.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.|