Signed out message for Adaptive Auth when using SSO

Daniel Peel
Mega Sage

We are starting down the road of using Adaptive Auth... I have it configured... and it works as I expect it to with regard to access... the issue I have... is when the AA policy is triggered and you are blocked from logging in.

 

We use SSO for access to the system.  We have a logout redirect... and when the Adaptive auth blocks you, it sends you to this redirect... so all the user sees is "You've been logged out"... it also causes a logout of all their other systems... since the redirect is to the SSO.

 

Does anyone know of a way we can intercept the logout and display something more meaningful when they are logged out because of AA?  We could NOT use the redirect at all... but then "Logging out" manually wouldn't have the same intended effect... 
We could create our own version of external_logout_complete.do, but I'm not sure how to pass anything to it from adaptive auth when it's triggered... 

 

Has anyone else walked this road before...?
Currently on Tokyo Patch 8

3 REPLIES

Randheer Singh
ServiceNow Employee

This is likely due to the SAML service provider (SP) initiated single logout (SLO) profile. The idea is that when a user logs out from one service provider (in this case, ServiceNow), the identity provider also sends a SAML logout request to other SPs whose sessions are running in the same browser before clearing the IdP session.


When the AA policy blocks the SAML login, it also initiates the SAML single logout flow, which in turn logs out the IdP and other SP sessions. This is recommended from a security best practice perspective.

I will check and get back to see if there is a way to show a custom info message to the user to tell them that logout is happening due to a security policy defined by the admin.

austincarrier
Tera Contributor

Was this ever resolved? We are running into the same thing. Thanks

No, not that I'm aware of... we ultimately didn't use AA for other reasons... this wasn't the final catalyst that killed it but it was part of it.  So I can't offer anything that may have changed in versions after this was posted.