Logging out appears to be successful, but the session is still alive and the user can still access the platform.
This issue is only applicable to SSO with Microsoft ADFS.
- User logs in and logs out.
- Load up a bookmarked page to verify that the login prompt is shown
- User logs in again
- User is still logged in although the logout confirmation page was shown
The root cause is related to the default RSA key and the configuration requirement that sign-out requests must be signed.
Follow the steps below. Note that IDP (Identity Provider) here refers to the record associated with your ADFS settings in ServiceNow.
1 - IDP: Enable 'Signed Logout Request' tick box
2 - IDP: Update field 'SingleLogoutRequest'
Before: https://[ADFS server]/adfs/ls/?wa=wsignout1.0
After: https://[ADFS server]/adfs/ls/
3 - IDP: Update field "Signing Signature Algorithm"
4 - Edit system property "glide.authenticate.sso.saml2.keystore"
The default option (Madrid) is not enough to support SAML request signing with ADFS.
5 - Upload all certificates associated with the ADFS IDP trust chain:
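
To check the result of the steps above, the logout redirect can be captured in a browser trace and inspected. The following is an added example, not ServiceNow or ADFS code: it assumes the logout is sent with the SAML HTTP-Redirect binding, uses a constructed host (adfs.example.com) and placeholder signature bytes, and only checks that the request is a SAML LogoutRequest carrying signature parameters, not that the signature is cryptographically valid.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def check_logout_redirect(url):
    """Return findings for a captured logout redirect URL; an empty list means it looks right."""
    findings = []
    q = parse_qs(urlsplit(url).query)
    if "wa" in q:  # e.g. wa=wsignout1.0: WS-Federation sign-out, not a SAML request
        findings.append("WS-Federation sign-out parameter wa=" + q["wa"][0])
    if "SAMLRequest" not in q:
        return findings + ["no SAMLRequest parameter"]
    try:
        # HTTP-Redirect binding: base64 of raw DEFLATE data (no zlib header)
        xml = zlib.decompress(base64.b64decode(q["SAMLRequest"][0], validate=True), -15)
        if b"<!DOCTYPE" in xml:  # a SAML message never needs a DTD; refuse to parse one
            raise ValueError("DTD not allowed")
        root = ET.fromstring(xml)
    except (ValueError, zlib.error, ET.ParseError):
        return findings + ["SAMLRequest is not a decodable SAML message"]
    if root.tag != "{%s}LogoutRequest" % SAMLP:
        findings.append("SAMLRequest is not a LogoutRequest")
    for name in ("SigAlg", "Signature"):  # both accompany a signed redirect request
        if name not in q:
            findings.append("unsigned request: missing " + name)
    return findings

def sample_url(signed):
    """Constructed sample; host, ID, algorithm and signature bytes are placeholders."""
    xml = ('<samlp:LogoutRequest xmlns:samlp="%s" ID="_constructed1" Version="2.0" '
           'IssueInstant="2024-01-01T00:00:00Z" '
           'Destination="https://adfs.example.com/adfs/ls/"/>' % SAMLP).encode()
    c = zlib.compressobj(wbits=-15)
    params = {"SAMLRequest": base64.b64encode(c.compress(xml) + c.flush()).decode()}
    if signed:
        # Sample value only; use whatever the IDP record's algorithm field is set to.
        params["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        params["Signature"] = base64.b64encode(b"constructed-placeholder").decode()
    return "https://adfs.example.com/adfs/ls/?" + urlencode(params)

if __name__ == "__main__":
    for label, url in [("signed SAML", sample_url(True)),
                       ("unsigned SAML", sample_url(False)),
                       ("WS-Fed", "https://adfs.example.com/adfs/ls/?wa=wsignout1.0")]:
        print(label, "->", check_logout_redirect(url) or "OK")
```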