Our customer wants to use SAML SSO within TRIRIGA. This wiki article shows the procedure to set up the SAML SSO using WAS TAI, and after testing, it works. But I have still have some questions:
- 1. It seems that the “Sign Out” link in TRIRIGA doesn’t invalidate the SAML SSO token. Can we customize the “Sign Out” link to do a real “Sign Out” on the IdP side?
- 2. The “sso_<n>.sp.useRelayStateForTarget” property allows WAS TAI using the RelayState sent from IdP. Does TRIRIGA support the “RelayState”?
[Admin: For convenience, here are the meanings of the acronyms: Security Assertion Markup Language (SAML), Single Sign-On (SSO), WebSphere Application Server (WAS), Trust Association Interceptor (TAI), Identity Provider (IdP).]