Skip to main content
Announcements
Global Transformation Awards! Applications are now open. Submit Entry
cancel
Showing results for 
Search instead for 
Did you mean: 
federicotedesco
Partner - Contributor II
Partner - Contributor II

Qlik Sense QAP Logout using oam does not work

Hi everyone,

we have a problem when the user click logout, bellow the detail:

Oracle Access manager acts as IDP.
Federations (service provider) SP1, Qlik integrated correctly with OAM.
Qlik (Mashup) is placed inside iFrame of SP1 application.

Steps to reproduce ERROR:
1. Login to SP1 with user that has access to both SPs -> works right
2. Click on iFrame (with Qlik) -> works right
3. Click Logout ( <a href="https://sp1/customer/account/logout/")
4. With F12 in browser are present the next requests :

Request URL: https://sp1/sso/saml2/logout/
Request Method: GET
Status Code: 302

Request URL: https://oam_server/oamfed/idp/samlv20?SAMLRequest=.................
Request Method: GET
Status Code: 302 Moved Temporarily

Request URL: https://oam_server/oam/server/logout?p_done_url=https%3A%2F%2FOAM_SERVER%2Foamfed%2Fuser%2Fslooam11g%3Fid%3Doam11g%26type%3D3&invokeOSFSLogout=false
Request Method: GET
Status Code: 302 Moved Temporarily

Request URL: https://oam_server/oamfed/user/slooam11g?id=oam11g&type=3
Request Method: GET
Status Code: 302 Moved Temporarily

Request URL: https://Qlik/samlauthn/slo/?SAMLRequest=.................
Referrer Policy: strict-origin-when-cross-origin

The last request (https://Qlik/samlauthn/slo/?SAMLRequest=.................) REMAIN IN PENDING despite OAM user session is correctly closed.

How we can configure qlik to correct logout initiated by OAM?

Any suggestions on how to address this issue?
Thanks a lot

Federico

1 Solution

Accepted Solutions
Damien_V
Support
Support

Hi @federicotedesco 

Qlik Sense only supports Service Provider initiated SAML single logout

See on the help site: https://help.qlik.com/en-US/sense-admin/February2021/Subsystems/DeployAdministerQSE/Content/Sense_De...

"Qlik Sense only supports logout initiated by the service provider."


Which means that the single logout will only work if you initiate it from Qlik Sense (Logout button on the hub or Qlik Proxy API - DELETE /qps/user  )

If the issue is solved please mark the answer with Accept as Solution.

View solution in original post

1 Reply
Damien_V
Support
Support

Hi @federicotedesco 

Qlik Sense only supports Service Provider initiated SAML single logout

See on the help site: https://help.qlik.com/en-US/sense-admin/February2021/Subsystems/DeployAdministerQSE/Content/Sense_De...

"Qlik Sense only supports logout initiated by the service provider."


Which means that the single logout will only work if you initiate it from Qlik Sense (Logout button on the hub or Qlik Proxy API - DELETE /qps/user  )

If the issue is solved please mark the answer with Accept as Solution.