‎06-26-2017 06:25 AM
Hello everyone!
I am facing a "Security Constraints prevent access to requested page" issue when I try to log out from my instance. This was working fine in Geneva but creating issues when upgrading to Istanbul Patch 6. The environment has SSO configured. I checked the Installation Exits and it should just be a normal logout.
    processNormalLogout : function() {
        var s = request.getParameter('sysparm_goto_url');
        if (s && GlideSecurityUtils.isURLWhiteListed(s))
            response.sendRedirect(s);
        else
            response.sendRedirect("logout_success.do");
        return true;
    }
I am not sure what sysparm_goto_url is set to. This works fine in dev since dev does not have SSO. I am concerned that this will be an issue when we upgrade prod as well. Any pointers would be greatly appreciated.
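The processNormalLogout snippet in the question only honours sysparm_goto_url when an allow-list check passes. The following is an added example, not part of the original post and not ServiceNow's implementation of GlideSecurityUtils.isURLWhiteListed (the thread does not show its internals), of what such a check has to reject before a logout redirect is safe. The function names, the instance origin and the allowed host are hypothetical.

```javascript
// Added example. Hypothetical helper names and hosts; this is not
// ServiceNow's GlideSecurityUtils implementation.
const FALLBACK = 'logout_success.do';

// Returns true only for same-origin targets or https URLs whose exact
// hostname is on the allow-list.
function isAllowedRedirect(target, instanceOrigin, allowedHosts) {
  if (typeof target !== 'string' || target.length === 0) return false;
  // Browsers strip control characters and treat "\" as "/", so a value
  // containing either may not go where a naive parser thinks it does.
  if (/[\u0000-\u001f\u007f\\]/.test(target)) return false;
  let url;
  try {
    url = new URL(target, instanceOrigin); // resolves relative paths too
  } catch (e) {
    return false;
  }
  if (url.protocol !== 'https:') return false;    // no http:, javascript:, data:
  if (url.username || url.password) return false; // "trusted@other-host" form
  if (url.origin === new URL(instanceOrigin).origin) return true;
  return allowedHosts.includes(url.hostname);     // exact match, no suffix match
}

// Same decision as processNormalLogout: honour the parameter only when
// it passes the check, otherwise fall back to the fixed logout page.
function resolveLogoutRedirect(gotoUrl, instanceOrigin, allowedHosts) {
  return isAllowedRedirect(gotoUrl, instanceOrigin, allowedHosts)
    ? gotoUrl
    : FALLBACK;
}

// Constructed sample values.
const INSTANCE = 'https://instance.example.com';
const ALLOWED = ['idp.example.com'];
const samples = [undefined, 'navpage.do', 'https://idp.example.com/slo',
  '//other.example.net/', 'https://idp.example.com@other.example.net/',
  'https://idp.example.com.other.example.net/', 'javascript:void(0)'];
for (const s of samples) {
  console.log(String(s), '->', resolveLogoutRedirect(s, INSTANCE, ALLOWED));
}
```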
‎06-29-2017 10:49 AM
I fixed it by setting a URL in the IdP's SingleLogout Request service. The Glide property for this is glide.authenticate.sso.saml2.idp_logout_url
Following is the text in SAML properties if you would like to set it there:
The base URL to the Identity Provider's SingleLogoutRequest service. The LogoRequest will be posted to this URL as the SAMLRequest parameter
When I went into the logs, I was seeing an information message that:
IdP's Logout URL is not set!
which prompted me to think maybe this was required. This was not a requirement in Geneva and is working fine there.
Works just fine now! Posted the solution so it could help someone else.