Products: ISAM9.0.7 Federations and WebSeal
I have at setup with an IdP behind WebSeal instance "login" on junction /sso
The IdP uses an EAI via local-response-redirect and eai-trigger-url configuration. The EAI is on a liberty backend behind a junction on the login WebSeal instance.
When slo is initiated on/from the SP, a slo request is also made for the IdP, and the IdP logs that it removes the SAML cookie, but this does NOT terminate/kill the WebSeal session, so when a new logon request is made from the SP and the IdP is called, then the IdP still has the session, and no new login nor call to the EAI, is triggered, and the IdP responds with a SAML response to the SP and the user is logged on without entering anything.
Whys is the EAI not being triggered when the IdP receives the slo request? (as it does with the initial login) Nor do the slo request result in killing/terminating the WesSeal-session. Are there any way to achieve this?
DPWWA2078E Could not authenticate user. An external authentication service did not return required authentication data.