SAML | Common Workarounds: same entity ID in prod, test; hide "Logout from SAML"
1. Prod and Test have same entity ID:
When restoring backup from production instance to create a test instance, the entity ID and and the redirect URL are same as the one in the production instance and we are not able to configure SAML in the test instance.
- To change the application URL, we can modify it from Advanced Portal Settings (or Application Settings in ESM Directory) under the name Alias URL.
- For the SAML entity ID, run the following query after connecting to the database and restart SDP service for changes to take effect:
update samlsp set entity_id='<new_entity_id>';
Note: Here, for the <new_entity_id> you can even modify a single digit from the existing entity ID too.
2. Allow only "Logout":
Some organisations worry that their users unknowingly click "Logout from SAML" and this logs them out from all SAML applications. They want to log out only from SDP. To achieve this
- Leave the "Logout URL" blank during the SAML configuration. This will not show the "Logout using SAML" button.
3. Allow only SAML Logout
Some organisations want their users to directly log out from all SAML applications and they want to hide the "Log out" button and rename "Logout from SAML" button to "Log out". To achieve this, add the following Page Script.
- Go to Admin > Page Scripts and add new Page Script.
- Give an appropriate name and add the script below:
if(jQuery("a#logoutLink").length == 2) {
$CS.hideElement("a#logoutLink:eq(0)");
jQuery("a#logoutLink:eq(1)").children()[1].innerText = 'Awesome';
}
Contact support for any clarifications on any of these workarounds.