How To
Summary
Configuring the ADFS logout page
Steps
To configure a logout URL in IBM Resilient when ADFS is your SAML IdP, follow the steps below. If you enable a -logouturl in Resilient without adding the additional configuration in ADFS, you will no longer be able to log in to Resilient, and the following error appears in client.log:
java.lang.RuntimeException: javax.servlet.ServletException: org.opensaml.xml.validation.ValidationException: SAML session index not found
The aim of this exercise is to redirect Resilient users to the ADFS logout page where the SAML token will be removed from your browser.
Create an incoming claim rule
Without the Name ID rule, ADFS will not provide a session index. The session index identifies the user session. When a user logs out of Resilient, the session index is passed back to ADFS so that ADFS knows which session to expire.
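To confirm the claim rule took effect before enabling -logouturl, the following added example (not IBM's or Microsoft's code) checks a decoded SAML response for the NameID and SessionIndex that logout depends on. It assumes you have the base64-decoded SAMLResponse XML from a test login; the function name and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ASSERTION_TAG = "{%s}Assertion" % NS["saml"]

def logout_problems(response_xml):
    """List what is missing for SAML logout; an empty list means ready.

    Diagnostic only: signatures are not verified, so never use this to
    decide whether a response is trustworthy.
    """
    root = ET.fromstring(response_xml)
    # Accept either a full Response or a bare Assertion as input.
    assertions = ([root] if root.tag == ASSERTION_TAG
                  else root.findall(".//saml:Assertion", NS))
    if not assertions:
        return ["no plaintext Assertion (encrypted, or not a SAML response)"]
    problems = []
    for assertion in assertions:
        name_id = assertion.find("saml:Subject/saml:NameID", NS)
        if name_id is None or not (name_id.text or "").strip():
            problems.append("Subject has no NameID")
        statements = assertion.findall("saml:AuthnStatement", NS)
        if not statements:
            problems.append("no AuthnStatement")
        for stmt in statements:
            if not stmt.get("SessionIndex"):
                problems.append("AuthnStatement has no SessionIndex")
    return problems

# Constructed sample responses (not captured from a real ADFS server).
_TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>{name_id}</saml:Subject>
    <saml:AuthnStatement AuthnInstant="2021-04-19T10:00:00Z"{session}/>
  </saml:Assertion>
</samlp:Response>"""

WITH_RULE = _TEMPLATE.format(
    name_id="<saml:NameID>user@example.com</saml:NameID>",
    session=' SessionIndex="_constructed-session-1"')
WITHOUT_RULE = _TEMPLATE.format(name_id="", session="")

if __name__ == "__main__":
    for label, xml_text in (("with Name ID rule", WITH_RULE),
                            ("without Name ID rule", WITHOUT_RULE)):
        print(label, "->", logout_problems(xml_text) or "ready for -logouturl")
```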
Configure the logout page
If you decide to populate the Response URL field, your browser will be redirected elsewhere, for example to a prettier logout page.
Now add the logout URL to the SAML configuration.
$ sudo resutil samledit -alias resilient -logouturl https://ad.cb.com/adfs/ls/?wa=wsignout1.0
$ sudo resutil samlshow
Organizations: Collaborationben (create users)
Alias: resilient
Service Provider Identifier: https://resilient.cb.com/saml2/resilient
Authentication URL: https://resilient.cb.com/saml2/resilient
Identity Provider Authentication URL: https://ad.cb.com/adfs/ls/
Identity Provider Logout URL: https://ad.cb.com/adfs/ls/?wa=wsignout1.0
Binding Type: Post
Identity provider metadata URL: null
Identity provider metadata minimum refresh delay: null
Identity provider metadata maximum refresh delay: null
Identity provider HTTP/S requests must be signed: false
The SAML metadata and service provider certificate have been written to resilient-metadata.xml and resilient-sp-cert.pem.
Restart Resilient
On clicking "logout", the browser is redirected to the ADFS logout page defined in the -logouturl value.
You cannot access Resilient without going through the SAML authentication mechanism again.
Document Location
Worldwide
Document Information
Modified date: 19 April 2021
UID: ibm11159864