Defects
VM and SBM SSO error on logout
| ID: | D27820 | |
| Published: | 05 October 2021 |
Defect Id
DEF345442
Originally Reported Against
SBM 11.8
Resolved In
SBM 12.0
Status
Implemented
Description
When PVCS Version Manager is configured to use SBM SSO, a "logout failed" error message appears in the UI. To reproduce:
1) Login to the PVCS Version Manager Project Database in the VM Web Client.
2) Logout fails from the VM PDB
Resolution
This issue is due to adding CSRF token requirement to the SSO logout entry points. The client (VM) has earlier SSO libraries that do not include CSRF token on logout.
Change "AllowLogoutWithoutCSRFToken" to "true"
To work around this problem, change the CSRF token requirement by editing the following file on the SBM SSO server:
C:\Program Files\Micro Focus\SBM\Common\tomcat\server\default\webapps\idp\WEB-INF\conf\fedsvr-core-config.xml
<!-- =================================================================================================================
<parameter name="AllowLogoutWithoutCSRFToken" Type="xsd:boolean">true</parameter> Allows a logout request to be executed without CSRF token. Set to true if integrating with older Gatekeepers.
================================================================================================================== -->
