Troubleshooting BMC Remedy Single Sign-On log on and log off issues
Logon and logoff issues can occur (or appear to occur) associated with URL re-direct and normal Identity Provider (IdP) behavior.
Automatic IdP logon behavior
With SAMLv2 authentication configurations, an automatic logon can occur after you have terminated your single sign-on session. This behavior gives the impression that the user was not logged out.
In SAMLv2 configurations, the IdP caches authentication information within the browser. This information allows the IdP to automatically reauthenticate a user without the user re-entering their credentials.
The effect is that when a user logs off of a SAMLv2 system, a browser refresh can automatically log the user back on to the system.
For example, a user has two browser windows (or tabs) open; one with BMC Remedy Mid Tier and the other with BMC MyIT. If the user logs off from both BMC Remedy Mid Tier and BMC MyIT, the single sign-on session us terminated. If the user just closes the window of BMC Remedy Mid Tier, accesses the BMC MyIT window, and refreshes the browser, then the browser performs the action as though the user was still logged on to the system. What transpired was that a new single sign-on session was created automatically for the user (due to the auto-logon of the IdP).
For this type of system, to ensure that the user is permanently logged off, close all browser windows and tabs.