SharePoint 2013 integration logout configuration - SSO
After logout, the user must sign out from the both parties: SharePoint and Ubisecure SSO. This is achieved with the following configuration changes:
To configure SharePoint to logout via Ubisecure SSO:
- Open the file C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\TEMPLATE\LAYOUTS\signout.aspx on the SharePoint server.
Modify the _spBodyOnload() javascript function as shown:
Save the file
Now, after the logout from SharePoint, the user is redirected to Ubisecure SSO logout endpoint. Ubisecure SSO terminates the UAS sessions and any other SP sessions.
By default, SharePoint uses persistent cookies. Therefore, if the user closes the browser without signing out, he will be able to login to the application without authentication next time the browser is opened.
To disable persistent cookies in SharePoint:
- Open the SharePoint Management Shell
- Execute the following commands
$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $true
$sts.Update()
iisreset
Now that SharePoint uses session cookies, the session terminates if all the instances of the browser are closed. The usage of session cookies also affects the way that Office integration behaves with SharePoint.
WARNING: Consider carefully the security risks of persistent cookies.
To enable persistent cookies in SharePoint:
- Open the SharePoint Management Shell
- Execute the following commands
$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $false $sts.Update()
iisreset