Support Article
SSO logoff works in IE but not in Firefox
SA-14536
Summary
After clicking logoff button, the user should be signed off from SSO and the log out page should be displayed using a meta-refresh tag with SSO logout URL in the "Web-Session-Return" HTML that is called from EndSession activity.
This implementation works fine in IE11, however, the authentication cookies are not deleted on Firefox. As a result, the user is redirected without challenging the SSO Login to access the system again.
Error Messages
SMSESSION Authentication cookies not getting removed or set to none.
Steps to Reproduce
Add a link with an action, "Logoff" which calls EndSession activity. Add the SSO Logout URL in the "Web-Session-Return" HTML rule to logout from SSO.
Root Cause
The problem was with the Siteminder logoff processing not clearing the SMSESSION Cookie when using Firefox.
PRPC cannot control the SMSESSION cookie as it is not an application cookie. Only the Pega-RULES cookie can be controlled as that is the application cookie.
Resolution
This is not a PRPC issue. The SMSESSION cookie not cleared with Firefox is an issue that needs to be worked on with Siteminder support.
Published October 1, 2015 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.