Skip to Content
avatar image
Former Member

'log-off' in SSO asking ID and password in Mozilla FF

Hi all,

The 'log-off' once we are logged in thru SSO (using Kerberos) was directed to a static page by setting the parameter ume.logoff.redirect.url in configtool. This asks for an ID and password once I hit 'log off' in Mozilla FF. The same works good for IE. The problem is seen both in Win7 and XP machines. UME is integrated to LDAP.

Any input is greatly appreciated.

Thanks and regards,

Rosun

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Dec 28, 2010 at 01:50 PM

    The difference might be due to the fact that IWA (Integrated Windows Authentication) is not implemented same in FF and IE. in IE you turn on IWA via Internet Settings, but in FF you have to set various configuration parameters in FF.

    Also, does your logoff URL clear the authentication cookies from browser ? If it does, maybe it is assuming IE browser is used, and is not using the correct javascript to clear cookies in FF.

    Thanks,

    Tim

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 28, 2010 at 01:04 PM

    Hi,

    This seems to be a bug in Mozilla. Which version of Mozilla you are using. Check the mozilla bugzilla site for more information on Kerberos bugs.

    Regards,

    Raghu

    Add comment
    10|10000 characters needed characters exceeded

    • Rosun,

      Modify your logoff html page so that following is between <HEAD> and </HEAD>

      <sc-ript type="text/java-script">

      function clearcache()

      {

      document.execCommand( 'ClearAuthenticationCache' );

      }

      </sc-ript>

      Then add following section between <BODY> and </BODY>

      <sc-ript type="text/java-script">

      clearcache();

      </sc-ript>

      Let me know if this helps.

      Also, make sure the logoff page URL is in same DNS domain as your SAP system. e.g.if you access SAP using sap.company.com you could make the logoff page logoff.company.com

      Note: I added - into the code above to make SDN accept the code. Please remove the - when adding to your logoff page.

      Edited by: Tim Alsop on Dec 29, 2010 10:47 AM

  • avatar image
    Former Member
    Dec 30, 2010 at 07:06 AM

    This issue is resolved. We deployed a .ear log-off page instead via SDM and changed the log-off parameter in configtool.

    Thanks to all.

    Add comment
    10|10000 characters needed characters exceeded