- Access Manager 4.4
- Access Manager 4.5
- Access Manager IDP server reports: 'Your session has been logged out. It is recommended that you close your browser to complete the termination of this session' while executing the O365 SP-initiated SAML logout request
- Disable the "HttpHeaderSecurityFilter" by commenting out (remarking) the section on the NIDP server
- Use the "Content-Security-Policy" header instead, which can be configured in: iManager => IDP Servers => Response Headers
- Add the header: Content-Security-Policy: frame-ancestors 'self' https://login.microsoftonline.com;
- The browser client could not execute "logoutSuccess.jsp", which clears the user session at the IDP server, because of the X-Frame-Options SAMEORIGIN policy.
The HTTP Content-Security-Policy (CSP) frame-ancestors directive specifies valid parents that may embed a page using <frame>, <iframe>, <object>, <embed>, or <applet>. Setting this directive to 'none' is similar to X-Frame-Options: DENY (which is also supported in older browsers).
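
The framing decision described above, as an added example (not code from this article or from Access Manager): a simplified JavaScript model of how a browser that implements frame-ancestors decides whether a parent origin may embed the IDP's logout page. The host idp.example.com is a placeholder, and the model assumes only the immediate parent is checked and that sources are 'none', 'self' or exact origins.

```javascript
// Added example: simplified model of the browser's framing check.
// Assumptions: only the immediate parent is checked; sources are limited
// to 'none', 'self' and exact origins (no wildcards or scheme-only sources).

function parseFrameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function canFrame(headers, pageOrigin, parentOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const page = new URL(pageOrigin).origin;
  const parent = new URL(parentOrigin).origin;

  const sources = parseFrameAncestors(h["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present, it is enforced and
    // X-Frame-Options is ignored by browsers that implement the directive.
    return sources.some((src) => {
      if (src === "'none'") return false;
      if (src === "'self'") return parent === page;
      try { return new URL(src).origin === parent; } catch { return false; }
    });
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return parent === page;
  return true; // no framing restriction was sent
}

// Constructed sample values; idp.example.com is a placeholder IDP host.
const IDP = "https://idp.example.com";
const O365 = "https://login.microsoftonline.com";
const headersBefore = { "X-Frame-Options": "SAMEORIGIN" };
const headersAfter = {
  "Content-Security-Policy":
    "frame-ancestors 'self' https://login.microsoftonline.com;",
};
console.log("SAMEORIGIN only, framed by O365:", canFrame(headersBefore, IDP, O365));
console.log("frame-ancestors, framed by O365:", canFrame(headersAfter, IDP, O365));
```

Browsers that do not implement frame-ancestors enforce only X-Frame-Options, so with the CSP-only configuration they apply no framing restriction at all.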