Description of problem: Logout redirection not happening upon doing logout from SAML , Cloudforms stays logged in until the open tab is closed. Customer has other services configured with keycloack, services including JIRA, Confluence, Service Desk. All the services configured under the same Realm. All the services logging out properly, if you logout from Service Desk, JIRA is also logging out, Cloudforms doesnt logout automatically, one has to close the tab manually. Version-Release number of selected component (if applicable): Cloudforms 4.5 CFME 5.8.1.5 How reproducible: Always Steps to Reproduce: 1. Install and configure Cloudforms. 2. Configure external Authentication, referring this steps : https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6-beta/html-single/general_configuration/#saml-assertions 3. Modify the idp-metadata.xml file for SAML logout to work between mod_auth_mellon and Red Hat SSO. step 8. 4. Login to cloudforms dashboard using external authentication, now login to any other services which is same SAML realm as cloudforms, example "Service Now" and "JIRA" 5. Logout from "Service Now", then refresh the tab in which "JIRA" application UI is opened. Notice that you will be automatically logged out from JIRA. 6. Go to Cloudofrms Tab, hit browser refresh button. Actual results: Cloudforms stays logged in unless 'dashaboard' word is removed from URL or the open tab is closed. automatic redirection to logout is not working. Expected results: Cloudforms should automatically logout when from SAML signal sign. redirection should pick the logout URL and do the action. Additional info:
Prasad, Please find out from the customers what happens when the other applications are removed from the scenario and only Cloudforms is used. What happens if the user logs into only Cloudforms, with a single browser tab, then logs out of Cloudforms? Is the user correctly directed back to the Cloudforms login page? JoeV
I'd also like to know what the status of the user's session looks like in the SSO server as well once the user logs out.
setting the needs info for comments 4 & 6
John, Briefly what the customer wants is to be able to have multiple browser tabs open to different applications all authenticated via the same SAML account. Once they log off from all of the applications they want all the application sessions to immediately become invalidated and the user logged off, without having to refresh the tabs. For us to implement this it could have a performance impact because we would have to frequently confirm the session. JoeV
I'm going to close this BZ. It was reported over 2 and a half years ago and has worked correctly since. If this condition can be reproduced please reopen this or a new BZ. JoeV