When using the SAML2 Authentication module in integrated mode, OpenAM will not log out of the IdP if a goto is appended to the logout URL to trigger SP-initiated logout.
- Create a hosted SP and IdP on two OpenAM instances
- Create an auth chain using the SAML2 Authentication module as explained in the following article: https://backstage.forgerock.com/knowledge/kb/article/a88521204
- Log in to the OpenAM chain with the demo user using the following example: http://host2.example.com:8080/openam/XUI/#login?service=testChain
- Log out normally using http://host2.example.com:8080/openam/XUI/#logout/. This will show the expected behavior.
- Log out using a goto appended to the logout URL, http://host2.example.com:8080/openam/XUI/#logout?goto=https://www.google.com, and you will be redirected to www.google.com, but if you try to log back in to the testChain you will not have to authenticate because the session has not been destroyed.
No workaround found.