Hello everyone, I would like to report unexpected behavior regarding SAML authentication.
My test was using Azure AD with the latest versions of CMS 3.3, in which the login and logout from Microsoft work perfectly. However, the problem arises after the logout has been performed because even though I am logged out of the Microsoft account, the CMS session remains active!
I believe it is necessary to review this logout process to kill the CMS login session when clicking “logout” in the CMS.
Can you reproduce this behavior on your end? Do i missing something?
I’m not a SAML specialist, but I think the CMS uses tokens with cookies stored in the web browser.
This is why disconnecting the Microsoft account does not disconnect the Xibo session.
Hello!
Thanks for the answer. Can you tell if this is something that I can configure myself, or is it something that the Xibo development team need’s to work on?