RESOLUTION:
New proxy parameters have been added to Cloud Access Manager that can be set for any proxied application. They cause the browser to redirect to the Cloud Access Manager /EndWebSession URL when a target URL is seen by the proxy.
Depending on the logout routine of the app only the first parameter below may be required or both may be needed, please see the examples.
The new parameters are:
cam.endSessionURLs
cam.allowEndSessionURLToBeProxiedTo configure SLO for a proxied app, login to the Admin UI as the Fallback Admin and go to the Settings > Tune the Cloud Access Manager Proxy page.
Both parameters should be set to apply to ‘All Applications’ when used.
Example 1:For Outlook Web App 2010 where it redirects to the standard “You have successfully signed out…close all browser windows” page, use this configuration:
cam.endSessionURLs = /owa/auth/logoff.aspx?Cmd=logoff&src=exchExample 2:For Outlook Web App 2010 when it is configured to redirect to the login page or other SSO location or is protected by the Microsoft Threat Management Gateway (TMG) the end URL cannot be used as the SLO trigger or CAM could log users out when attempting SSO, so the OWA logout start URL should be used instead. It is now necessary to ensure that the OWA logout routine is completed before the CAM redirect occurs by sending this URL to the client browser; use the following configuration:
cam.endSessionURLs = /owa/logoff.owa
cam.allowEndSessionURLToBeProxied = True