SAML logout when session expires

Issue

  • Single sign-on and single logout work fine when the user logs out manually, but no single logout happens when the portal session expires.

Environment

  • Liferay 7.0 as IdP

Resolution

  • Service Providers (SP) only receive a maximum validity date contained in the SAML Assertion received from the IdP. SPs usually create their own HTTP session from this Assertion (with a matching maximum duration), but the SP and IdP sessions have their own, separate lifecycles.
  • The SP and IdP session times are unique and independent.
  • It is expected that they both have their own timeout and follow their own timeout rules (as determined by the SP and IdP).
  • It is very possible that the session on the IdP continues to be active, even when the session on the SP has expired. Also, in most cases IdP implementations don't invoke single logout when the IdP's session expires.
  • This behavior is completely dependent on which services (Liferay, ADFS, etc.) are being used as SP and IdP, how they are configured, and how they were built. This is also part of the SAML 2.0 standard.
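
The session independence described above, as an added example (not Liferay code and not part of the original article): an SP reads the maximum validity date from the assertion's AuthnStatement (the SAML 2.0 SessionNotOnOrAfter attribute) and then applies its own timeout rules. The sample assertion, the function names and the timeout values are constructed, and the assertion is assumed to have been signature-validated already by the SP's SAML library.

```python
from datetime import datetime
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from a real IdP); signature and subject omitted.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T09:00:00Z">
  <saml:AuthnStatement AuthnInstant="2024-01-01T09:00:00Z"
                       SessionIndex="idx-constructed-1"
                       SessionNotOnOrAfter="2024-01-01T17:00:00Z"/>
</saml:Assertion>"""


def parse_instant(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T17:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def session_bounds(assertion_xml):
    """Return (SessionIndex, SessionNotOnOrAfter or None) from the AuthnStatement."""
    stmt = ET.fromstring(assertion_xml).find("saml:AuthnStatement", NS)
    if stmt is None:
        raise ValueError("assertion has no AuthnStatement")
    limit = stmt.get("SessionNotOnOrAfter")
    return stmt.get("SessionIndex"), parse_instant(limit) if limit else None


def session_state(now, last_activity, idle_timeout, not_on_or_after=None):
    """Evaluate one party's session using only that party's own rules.

    The SP passes the bound it took from the assertion; the IdP has no such
    bound on its own session, so it passes None and only its timeout applies.
    """
    if not_on_or_after is not None and now >= not_on_or_after:
        return "expired: SessionNotOnOrAfter reached"
    if now - last_activity >= idle_timeout:
        return "expired: idle timeout"
    return "active"
```

Evaluating the SP and the IdP separately at the same instant shows the case from the article: the SP session is expired by its idle timeout while the IdP session is still active, and neither side has sent a logout message.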

Additional Information

What is SAML?
Setting up the SAML as IdP
Setting up the SAML as SP

 

 
