In our application we are using the siteminder for the authentication of the users. Whenever the user is authenticated by the siteminder the user is being taken to the application welcome page.Then user performs his own activities and after that whenever he is logging out, i am taking him to the logout page and before that i am clearing all the sessions using the session.invalidate and also setting the session = null. I porvide a link the logout page where the user can click to relogin to the application. So whenever the user clicks on it he should be prompted with the siteminder login screen, instead it is directly taking me to the application. So i dont know wht to do. But if i close the window and open the new window i am getting that login prompt.But when the users types the same URL in the same page he is taken into the application without login screen
Please help me with this issue
Joined: Aug 12, 2007
As I understand siteminder stores the username and password for each application it manages. When a new request comes it checks if the request is authenticated if not, it do the login (using stored user details) to the application and then forward the request to original request.
I provide a link the logout page where the user can click to relogin to the application. So whenever the user clicks on it he should be prompted with the siteminder login screen, instead it is directly taking me to the application.
This is more of a design issue. Re-login link should point to welcome page not the login page. If the welcome page is protected, appropriate login page will be displayed.
But if i close the window and open the new window i am getting that login prompt.
when you close and re-open the window it is new session; old login is lost
But when the users types the same URL in the same page he is taken into the application without login screen
When you type URI on the same window, it is the same session and login is carried forward.
If I disable the Webagent, this URL is working. But if i enable Webagent its throwing 404 error message.
Can anyone help me in solving this problem
ravi v kumar
Joined: Dec 14, 2004
i also had same issue. but they decided to close the window if user clicks logoff clink. i know its not the solution.
Joined: May 29, 2002
Siteminder webagent has bad character configuration on the local config and on the policy server. If you can remove characters that you want to allow in the URL, you can fix this issue.
Joined: Jul 15, 2010
Limitations of the integration
You will need to remove/change the logout references to logout of Siteminder. We actualy do not do this, as its not really required as its our enterprise SSO and so its unlikely you need to logout of Confluence.
You will need to remove the change password tabs - these are not used (NOTE! Do not do this via the External User Management or you will not be able to use groups!!)
It only works from Confluence 2.1 or later (I have tried in 2.1.x and 2.2.x )