
SAML Single Log Out with Azure AD as IDP in SAP HANA


How do I implement SAML Single Log Out with Azure AD as IDP in SAP HANA?
I have defined a web app in Azure to access resources hosted on SAP HANA as described in this link. In the web app, a logout endpoint is defined, which is

https://login.windows.net/common/wsfederation?wa=wsignout1.0

From the browser I log in to Azure AD and then I access the resources on HANA. After I call the endpoint from the address bar of the browser, I have to close all browser windows in order to do a proper logout.


  1. Is this the expected behavior when I log out?
  2. How do I implement a SAML Single Log Out in a native app? Is that a realistic scenario?

Thanks

Yes, this is the expected behavior because you are using WS-Fed logout. In this case SAP HANA (might be HANA Identity Manager) is redirecting to this URL to do single log out. Azure AD also supports SAML single sign-out, but you need to check that first with SAP HANA. If they support SAML-based single sign-out, then the application can send the SAML Logout POST Request to Azure AD, and Azure AD can then log out the user and redirect the user back to another page as specified in the request.

This detailed flow is documented here: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-single-sign-out-protocol-reference
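
The LogoutRequest/LogoutResponse exchange described in the answer above, as an added example that is not part of the original answer or of any SAP or Microsoft code. It builds the request, encodes it for the HTTP-POST binding, and checks that a returned LogoutResponse actually answers that request. The function names, the issuer, the NameID and the destination URL are assumptions; signing and signature verification are left out.

```python
import base64
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def build_logout_request(issuer, name_id, destination):
    """Return (request_id, xml) for a SAML 2.0 LogoutRequest."""
    request_id = "id" + uuid.uuid4().hex  # an xs:ID may not start with a digit
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    root = ET.Element("{%s}LogoutRequest" % SAMLP, {
        "ID": request_id, "Version": "2.0",
        "IssueInstant": now, "Destination": destination,
    })
    ET.SubElement(root, "{%s}Issuer" % SAML).text = issuer
    # NameID must match the NameID the IdP issued at sign-on
    ET.SubElement(root, "{%s}NameID" % SAML).text = name_id
    return request_id, ET.tostring(root, encoding="unicode")


def encode_for_post(xml):
    """HTTP-POST binding: base64 of the XML, sent as form field SAMLRequest."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def logout_confirmed(response_xml, expected_request_id):
    """True only if the response answers our request and reports Success.

    In production, parse with a hardened XML parser (for example defusedxml)
    and verify the IdP signature before trusting any field.
    """
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}LogoutResponse" % SAMLP:
        return False
    if root.get("InResponseTo") != expected_request_id:
        return False  # unsolicited or replayed response
    code = root.find("{%s}Status/{%s}StatusCode" % (SAMLP, SAMLP))
    return code is not None and code.get("Value") == SUCCESS
```

The service provider should clear its local session only when `logout_confirmed` returns true for the request ID it stored when it sent the request.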
