Hello,
We recently changed our authentication procedure for our SAP netweaver to authenticate user thanks to SAML2 + SAP ID provider.
So far so and all is working fine.
The minor issue we're facing is with the logout option.
When user is clicking on the [Log Off] button (top right corner of the webUi he logout from the system.
The problem is that if user re-open the browser and try to open the webui again then all behaves like if the user never log out.
I mean unless the user clear his broser cache of all cookies then IDP logon screen where he normaly has to provide credential is not dispalyed.
It behaves like if the [Log Off] is not deleting the cookies that was created when he initaly logged in.
Is our expectation wrong?
We would expect that [Log Off] would delete that cookie so user would not be automaticaly reauthenticated but would be redirected to the IDP logon screen.
If our expectation is correct then any idea why it's not behaving like this ?
please advise
thanks