Pivotal Knowledge Base

How to Change a Service Plan's "Disable Redirect Parameter" to Enable Single SignOut

Environment

Pivotal Cloud Foundry (PCF) Elastic Runtime 1.10 and earlier

UAA 

Purpose

This article explains the steps for changing the Disable Redirect Parameter configuration for a service plan (a.k.a. UAA Identity Zone). It provides guidance on how to use the APIs documented for UAA in this document.

Instructions

On PCF ERT 1.10 and earlier, the default value for this setting is “true”, which prevents logout redirects, such as those used for Single Logout, from functioning. Use this document to set the value to “false” so that logout redirects function correctly.

1. Obtain the UAA Admin Client Credentials for the ERT tile from Ops Manager.

2. Log in to your domain via UAAC

    uaac target https://login.example.com
    uaac token client get admin

Enter the client secret from Ops Manager.

3. Use UAAC to retrieve the information for the identity zone you wish to change

  • `uaac curl -k /identity-zones/your-zone-id > filename.txt`
  • Delete the header information from the file, leaving only the JSON blob
  • If you need help identifying the zone ID, you can list all identity-zones via `uaac curl -k /identity-zones`. Alternatively, you can find the ID by looking in the URL when editing your plan: https://p-identity.example.com/dashboard/edit_plan/ (id-here, e.g. debb54d4-cd9a-4e6e-b016-56781a4a6edb)

4. Update the logout policy section so that `disableRedirectParameter` is set to false

    "links": {
        "logout": {
            "redirectUrl": "/login",
            "redirectParameterName": "redirect",
            "disableRedirectParameter": false,
            "whitelist": null
        },
        "selfService": {
            "selfServiceLinksEnabled": true,
            "signup": "/create_account",
            "passwd": "/forgot_password"
        }
    },

5. Submit a UAAC curl request to update the identity zone with your updated configurations

  • `uaac curl -k /identity-zones/your-zone-id -X PUT -H 'Content-Type: application/json' -d '{JSON HERE}'`
  • Compact the JSON to avoid issues with line spacing when using a command line, or pass in the file like `uaac curl -k /identity-zones/your-zone-id -X PUT -H 'Content-Type: application/json' -d "$(cat filename.txt)"`

6. The logout redirect configuration should take effect immediately. Test the logout flow.
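The manual edits in steps 3 to 5 (strip the header text, flip `disableRedirectParameter`, compact the JSON) can be scripted so the PUT body is never hand-edited. The following is an added example, not part of the original article or of UAA; the function names are hypothetical, the sample output is constructed, and its header layout and the zone fields outside `links` are assumptions.

```python
import json

# Constructed sample of saved `uaac curl` output: header text, then the zone JSON.
# The header layout and the fields around "links" are assumptions for illustration.
SAMPLE_OUTPUT = """\
GET https://login.example.com/identity-zones/your-zone-id
200 OK
RESPONSE HEADERS:
  Content-Type: application/json
RESPONSE BODY:
{
  "id": "your-zone-id",
  "config": {"links": {"logout": {
    "redirectUrl": "/login",
    "redirectParameterName": "redirect",
    "disableRedirectParameter": true,
    "whitelist": null}}}
}
"""

def extract_json(raw):
    """Skip header lines and parse the first JSON object in the saved output."""
    lines = raw.splitlines(keepends=True)
    for i, line in enumerate(lines):
        if line.lstrip().startswith("{"):
            obj, _ = json.JSONDecoder().raw_decode("".join(lines[i:]).lstrip())
            return obj
    raise ValueError("no JSON object found in uaac output")

def set_flag(node, key, value):
    """Set `key` wherever it occurs in nested dicts/lists; return the old values."""
    old = []
    if isinstance(node, dict):
        if key in node:
            old.append(node[key])
            node[key] = value
        for child in node.values():
            old += set_flag(child, key, value)
    elif isinstance(node, list):
        for child in node:
            old += set_flag(child, key, value)
    return old

def prepare_put_body(raw):
    """Return (compact JSON for the PUT, previous flag value); change nothing else."""
    zone = extract_json(raw)
    old = set_flag(zone, "disableRedirectParameter", False)
    if len(old) != 1:  # refuse to guess if the flag is missing or ambiguous
        raise ValueError(f"expected one disableRedirectParameter, found {len(old)}")
    return json.dumps(zone, separators=(",", ":")), old[0]
```

Write the returned body to `filename.txt` and pass it to the PUT command from step 5; the returned previous value records what the zone was set to before the change.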
