PingFederate and Single logout

New Contributor III

Has anyone implemented PingFederate SSO with single logout in JAMF Pro.

I am currently facing a challenge with following scenario.

PingFederate SSO is enabled for Management Access, SelfService and Enrollment URL. However we are seeing a challenge with Single Logout function as it is applicable only for enrollment function.

Since management access doesn't call PingFederate during logout, ( these calls are local logout calls)  sessions remains active in PingFederate and if admin user hits back button in the browser window then the user will get the session back since the login window again calls SSO which is still active. Self service also shows the local logout call however since the app doesn't have back button for login windows, it's not noticeable. Only way to address this is to close the browser completely and try new session again or use another browser app.

As of now it seems Bypassing SSO for management access is the only option so that login and logout both calls will be handled locally and there is no security risk with the session.