SSO Logout Issue - Security Constraints prevent access to page

manishm · ‎06-26-2017

Hello everyone!

I am facing a "Security Constraints prevent access to requested page" issue when I try to log out from my instance. This was working fine in Geneva but creating issues when upgrading to Istanbul Patch 6. The environment has SSO configured. I checked the Installation Exits and it should just be a normal logout.

processNormalLogout : function() {

var s = request.getParameter('sysparm_goto_url');

if (s && GlideSecurityUtils.isURLWhiteListed(s))

response.sendRedirect(s);

else

response.sendRedirect("logout_success.do");

return true;

}

I am not sure what is sysparm_goto_url set to. This works fine in dev since dev does not have SSO. I am concerned that this will be an issue when we upgrade prod as well. Any pointers would be greatly appreciated.

manishm · ‎06-29-2017

I fixed it by setting a URL in the iDPs SingleLogout Request service. Glide property for this is glide.authenticate.sso.saml2.idp_logout_url

Following is the text in SAML properties if you would like to set it there:

The base URL to the Identity Provider's SingleLogoutRequest service. The LogoRequest will be posted to this URL as the SAMLRequest parameter

When I went into the logs, I was seeing an information message that:

IdP's Logout URL is not set!

which prompted me to think maybe this was required. This was not a requirement in Geneva and is working fine there.

Works just fine now! Posted the solution so it could help someone else.

View solution in original post

manishm · ‎06-29-2017