Skip to Content
author's profile photo Former Member
Former Member

Unable to log off in Netweaver Portal 7.0 after implementing SPNego

Hi ,

I am unable to log off in Portal 7.0 after implementing SPnego mechanism.

We are using LDAP user store and hence it authenticates with Windows userid and password automatically without

askng for the same userid and password again to login in portal.

This is the reason whenever I click on Logoff link in portal, it re-authenticates the Windows userid and password

and continues my login instead of redirecting me to the login page and closing my session.

I want to continue with Single Sign On with Windows but I also want to display the login screen to the user and close his session after he clicks on log off which I am not able to do as of now.

Need help.

Add a comment
10|10000 characters needed characters exceeded

Related questions

5 Answers

  • author's profile photo Former Member
    Former Member
    Posted on May 03, 2010 at 09:42 PM

    Hi Anand

    By default in portal, when you log off the portal will route to the login page.

    What is happening in your case is that the login page again uses the Windows Credentials to log the user back into portal. You can change the log-off url of the portal from the default login page to something else like the company website or some other default url for ur company.

    To configure the log-off url you can follow this link


    Best regards,

    Ritesh Chopra

    P.S.: Grant points if the solution was helpful 😊

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Thanks for this info.

      But the problem is I cant redirect the user to any other page as my requirement is user should go back specifically to the login page only. Currently due to SSO with Windows Active Directory, only 1 user can login to portal from 1 machine as it authenticates the windows userid and password of only that user who has logged in on that machine. But incase any other user needs to login on the same machine he simply cant do. Hence I want to bring the login page page as soon as user clicks on log off so that other users can also login from that machine.

      I think that in case I could create a custom login page and redirect the user to that page then it is possible.

      But can you tell me how to create a custom login page which is exactly similar to the default one?

  • author's profile photo Former Member
    Former Member
    Posted on Dec 15, 2010 at 05:32 PM

    Hi Anand, did you implement a solution per the details of your last post? We are interested in finding the same solution. Thank you.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Dec 16, 2010 at 01:25 PM


    during SPNego configuration the server FQDN was added to the AD. SSO is activated for this FQDN.

    To get the normal logon page of the portal, access the portal by a non-SSO activated FQDN::


    Configure the UME logoff URL to the non-SSO FQDN. Simple way to test this is to access the portal server by IP. You'll see the logon page.



    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Dec 16, 2010 at 02:33 PM

    Hi Anand,

    It's not possible to go back to login screen after implementing spnego.

    So, the solution you can do is you can either redirect to some other screen by clicking on logoff or close the window. For closing you can keep a self and parent closing html page inside KM and can call it on logoff.



    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Dec 20, 2010 at 03:27 AM

    Not certain why one would want to have this done in a productive environment. A user should rather log-off from the windows managed environment on user change in SPNEGO.

    Work Around:

    In a testing environment however (you can even do this in prod - but you need to re-instate the users browser settings again for SPNEGO SSO when your revert) you can go to the internet explorer settings in your IE browser (Advanced Tab) to disable Authenticated Windows Integration. save the settings, close the browser and open a new session with the changed brwoser settings, navigate to the portal and you will be prompted for UID/PASS. This is usefull when testing under different ID's etc. on different terminals without having to redirect users or log-off from Windows.


    In order to achieve what you are attempting you will need to invalidate the authentication token entirely - even if a FQDN change is issued (which is not registered), the session is still maintained by the environment under the redirect or if a user opens a new session so SSO will still be present. You could create a custom change that invalidtes the token for a user for a specific browser session, however nothing stops them from opening a new one and continuing again - th9s would require development though.

    The redirect option may work however you will need to handle browser return navigation (prevent them from using "back" option) - again either custom code or jscript enhancement.

    Hope this helps

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.