We use embedded login via lock.js. We have a Tableau SAML2 integration, and when a non-Tableau user logs in after a Tableau user logs out, he still sees a report, even though it should not be available for that user.
How do we correctly log out so that we log out from Auth0 and other connected third-party applications such as Tableau?
We log out the user via the following code (lock.logout).
Also, we get a record about successful logout in the Auth0 logs, but for Tableau, it’s not working.
Here are our SAML2 Web App addon settings:
{
  "audience": "AUDIENCE_URL",
  "recipient": "RECIPIENT_URL",
  "mappings": {
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  },
  "createUpnClaim": false,
  "passthroughClaimsWithNoMapping": false,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": true,
  "signatureAlgorithm": "rsa-sha256",
  "digestAlgorithm": "sha256",
  "destination": "RECIPIENT_URL",
  "lifetimeInSeconds": 3600,
  "signResponse": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
  ],
  "logout": {
    "callback": "https://OUR_DOMAIN/v2/logout"
  },
  "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
}
We also tried to use the following URL for logout callback in settings - “https://OUR_DOMAIN/samlp/CLIENT_ID/logout”