Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
federicotedesco
Partner - Contributor II
Partner - Contributor II
‎2021-03-08 07:23 AM

Qlik Sense QAP Logout using oam does not work

Hi everyone,

we have a problem when the user click logout, bellow the detail:

Oracle Access manager acts as IDP.
Federations (service provider) SP1, Qlik integrated correctly with OAM.
Qlik (Mashup) is placed inside iFrame of SP1 application.

Steps to reproduce ERROR:
1. Login to SP1 with user that has access to both SPs -> works right
2. Click on iFrame (with Qlik) -> works right
3. Click Logout ( <a href="https://sp1/customer/account/logout/")
4. With F12 in browser are present the next requests :

Request URL: https://sp1/sso/saml2/logout/
Request Method: GET
Status Code: 302

Request URL: https://oam_server/oamfed/idp/samlv20?SAMLRequest=.................
Request Method: GET
Status Code: 302 Moved Temporarily

Request URL: https://oam_server/oam/server/logout?p_done_url=https%3A%2F%2FOAM_SERVER%2Foamfed%2Fuser%2Fslooam11g%3Fid%3Doam11g%26type%3D3&invokeOSFSLogout=false
Request Method: GET
Status Code: 302 Moved Temporarily

Request URL: https://oam_server/oamfed/user/slooam11g?id=oam11g&type=3
Request Method: GET
Status Code: 302 Moved Temporarily

Request URL: https://Qlik/samlauthn/slo/?SAMLRequest=.................
Referrer Policy: strict-origin-when-cross-origin

The last request (https://Qlik/samlauthn/slo/?SAMLRequest=.................) REMAIN IN PENDING despite OAM user session is correctly closed.

How we can configure qlik to correct logout initiated by OAM?

Any suggestions on how to address this issue?
Thanks a lot

Federico

1,003 Views
0 Likes
1 Solution

Accepted Solutions
Damien_V
Support
Support
‎2021-03-11 08:54 AM

Hi @federicotedesco 

Qlik Sense only supports Service Provider initiated SAML single logout

See on the help site: https://help.qlik.com/en-US/sense-admin/February2021/Subsystems/DeployAdministerQSE/Content/Sense_De...

"Qlik Sense only supports logout initiated by the service provider."


Which means that the single logout will only work if you initiate it from Qlik Sense (Logout button on the hub or Qlik Proxy API - DELETE /qps/user  )

If the issue is solved please mark the answer with Accept as Solution.

View solution in original post

953 Views
1 Reply
Damien_V
Support
Support
‎2021-03-11 08:54 AM

Hi @federicotedesco 

Qlik Sense only supports Service Provider initiated SAML single logout

See on the help site: https://help.qlik.com/en-US/sense-admin/February2021/Subsystems/DeployAdministerQSE/Content/Sense_De...

"Qlik Sense only supports logout initiated by the service provider."


Which means that the single logout will only work if you initiate it from Qlik Sense (Logout button on the hub or Qlik Proxy API - DELETE /qps/user  )

If the issue is solved please mark the answer with Accept as Solution.
954 Views