Issue with SAML 2.0 Authentication when logging out
Application Type
Reactive
Service Studio Version
11.11.5 (Build 44224)
Platform Version
11.9.0 (Build 17011)

I am working on an application that currently uses the forge component IdP to handle SAML  Authentication. However, this module is not supported by OutSystems, and we have been told we can use SAML 2.0 Authentication provided by OutSystems own user module, as described in https://success.outsystems.com/Documentation/11/Developing_an_Application/Secure_the_Application/End_User_Management/End_Users_Authentication/Configure_SAML_2.0_Authentication

I set up a new end user module to test this, and logging in to my test module works fine (The OnException flow is handled for Security Exceptions,  which redirects me to our external login page, and once logged in, I am taken to my test page.)

However, the issue occurs when logging out. As described by the documentation https://success.outsystems.com/Support/Enterprise_Customers/Upgrading/Updating_the_login%2F%2Flogout_flows_of_your_Reactive_Web_App_to_support_SAML_2.0 , I am calling the server action (in the Users module) User_GetUnifiedLogoutUrl. This returns the URL: /Users/Logout.aspx?OriginalURL=xxxxx

However, although this URL does appear to log me out, it ultimately redirects me to a page with the URL https://<environment>/idp/LoggedOut.aspx which simply says "You have successfully logged out". Now, the URL refers to the module idp, which is still installed in our environment, but is not referenced by my test project.

My question is, should the logout process be redirecting to a page in the idp module? Is there any way to configure it so it redirects to a login page? I can't see anywhere in the Users module to configure such a thing (The configuration screen I am using is https://<environment>/Users/ConfigureAuthentication.aspx)

ScreenshotofLoggedOutPage.png

Champion

Hi Timothy Case,

You are using  forge component IdP to handle SAML  Authentication and other side you start using Outsystems User module. Have you changed SAML 2.0 configuration at Service provider accordingly User module? 

When you are logging out , It send request to Service provider but if there is configured single sign on url is https://<your_personal>outsystemscloud.com/idp/sso.aspx , in that case it is redirecting to your Idp logout page. 

So, I think you need to reconfigured Service provider according to user module. 


cheers,



Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.