SharePoint 2013 integration logout configuration - SSO

After logout, the user must sign out from the both parties: SharePoint and Ubisecure SSO. This is achieved with the following configuration changes:

To configure SharePoint to logout via Ubisecure SSO:

  1. Open the file C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\TEMPLATE\LAYOUTS\signout.aspx on the SharePoint server.
  2. Modify the _spBodyOnload() javascript function as shown:

  3. Save the file

Now, after the logout from SharePoint, the user is redirected to Ubisecure SSO logout endpoint. Ubisecure SSO terminates the UAS sessions and any other SP sessions.

By default, SharePoint uses persistent cookies. Therefore, if the user closes the browser without signing out, he will be able to login to the application without authentication next time the browser is opened.

To disable persistent cookies in SharePoint:

  1. Open the SharePoint Management Shell
  2. Execute the following commands

    $sts = Get-SPSecurityTokenServiceConfig

    $sts.UseSessionCookies = $true

    $sts.Update()

    iisreset

Now that SharePoint uses session cookies, the session terminates if all the instances of the browser are closed. The usage of session cookies also affects the way that Office integration behaves with SharePoint.

WARNING: Consider carefully the security risks of persistent cookies.


To enable persistent cookies in SharePoint:

  1. Open the SharePoint Management Shell
  2. Execute the following commands
    $sts = Get-SPSecurityTokenServiceConfig
    $sts.UseSessionCookies = $false $sts.Update()
    iisreset


This web page (including any attachments) may contain confidential, proprietary, or privileged information – not for disclosure without authorization from Ubisecure Inc. Copyright © 2024. All Rights Reserved.