VM and SBM SSO error on logout

ID:    D27820
Published:    05 October 2021

Defect Id


Originally Reported Against

SBM 11.8

Resolved In

SBM 12.0




When PVCS Version Manager is configured to use SBM SSO, a "logout failed" error message appears in the UI.  To reproduce:
1) Login to the PVCS Version Manager Project Database in the VM Web Client.
2) Logout fails from the VM PDB


 This issue is due to adding CSRF token requirement to the SSO logout entry points. The client (VM) has earlier SSO libraries that do not include CSRF token on logout.

To work around this problem, change the CSRF token requirement by editing the following file on the SBM SSO server:

C:\Program Files\Micro Focus\SBM\Common\tomcat\server\default\webapps\idp\WEB-INF\conf\fedsvr-core-config.xml 

Change "AllowLogoutWithoutCSRFToken" to "true" 

   <!-- =================================================================================================================
  Allows a logout request to be executed without CSRF token. Set to true if integrating with older Gatekeepers.
  ================================================================================================================== -->
  <parameter name="AllowLogoutWithoutCSRFToken" Type="xsd:boolean">true</parameter> 

Find Answers

Type a question or describe what you are looking for below

My Recent Searches

Welcome kb sso

Additional Assistance

  • Submit a Case Online
  • FAQs