Ensuring Complete Logout from Integrated Systems

When using other systems that are integrated with SAP Fiori launchpad, after logging out, an open browser window may still contain session cookies. A user who has access to the open browser window can access these systems without having to authenticate. The solution described in this topic ensures that session cookies of all systems are removed when logging out from SAP Fiori launchpad.

SAP Fiori launchpad allows access to systems other than the SAP Fiori launchpad front-end server, which serves the URL to start:
  • SAP Fiori launchpad
  • UI-related resources
  • REST and OData services for running the launchpad
Note: To keep the complexity of the system landscape to a minimum, we recommend having only one SAP Gateway server for all OData services used in SAP Fiori scenarios.
For the following scenarios, logging out is performed completely and you do not need to perform the extra logout configuration described in this topic.
  • SAP Fiori launchpad front-end server.
  • Enterprise Search system (AS ABAP).
  • Systems used to load remote tile catalogs, such as SAP HANA KPI tiles for SAP Smart Business.
  • SAP Lumira™ running in SAP Fiori launchpad.
    Note: For releases of SAP Lumira prior to 1.18, it is necessary to perform the configuration as described in SAP Note 2010502.
  • Systems that are accessed to start Web Dynpro ABAP or SAP GUI for HTML applications in the SAP Fiori launchpad based on report launchpad customizing with specific application types (not plain URL) - either through SAP Web Dispatcher or directly on the system.
For all other scenarios, it is necessary to do the following:
  • On SAP Web Dispatcher: Maintain a logout rule symmetric to the rule causing the system login so that the logout URLs are routed to the correct system.
  • On SAP Fiori launchpad front-end server: Define a custom logout page for the ICF node /sap/public/bc/icf/logoff, which ensures that all logout URLs are requested. Thus the missing logouts are guaranteed to take place when logging out from the front-end server.
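One way to check that the two steps above leave no session cookie behind, as an added example (not SAP code): it replays the Set-Cookie headers returned by the logout requests against the cookies the browser held before logout and lists the session cookies that survive. The host names, the system IDs FES and BEP, and the captured headers are constructed sample data.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# MYSAPSSO2 (logon ticket) and SAP_SESSIONID_<SID>_<client> are AS ABAP cookie names;
# extend this tuple for other integrated systems (assumption: e.g. JSESSIONID on Java stacks).
SESSION_PREFIXES = ("MYSAPSSO2", "SAP_SESSIONID_")

def parse_set_cookie(header, host):
    """Return ((name, domain, path), clears) for one Set-Cookie header value."""
    first, *attrs = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    a = {k.strip().lower(): v.strip() for k, _, v in (x.partition("=") for x in attrs)}
    domain = a.get("domain", host).lstrip(".").lower()
    path = a.get("path") or "/"  # simplification: the real default derives from the request URL
    try:
        if "max-age" in a:       # Max-Age takes precedence over Expires
            expired = int(a["max-age"]) <= 0
        elif "expires" in a:
            expired = parsedate_to_datetime(a["expires"]) <= datetime.now(timezone.utc)
        else:
            expired = False
    except (TypeError, ValueError):
        expired = False          # unparseable attribute: treat the cookie as still live
    # An emptied value is counted as cleared because the session token is gone.
    return (name.strip(), domain, path), (value.strip('"') == "" or expired)

def surviving_session_cookies(jar_before, logout_responses):
    """jar_before: set of (name, domain, path); logout_responses: [(host, [Set-Cookie, ...])]."""
    jar = set(jar_before)
    for host, headers in logout_responses:
        for header in headers:
            key, clears = parse_set_cookie(header, host)
            # A deletion only takes effect when name, domain and path all match.
            (jar.discard if clears else jar.add)(key)
    return sorted(k for k in jar if k[0].startswith(SESSION_PREFIXES))

# Constructed sample: cookies held by the browser before logout.
JAR_BEFORE = {
    ("SAP_SESSIONID_FES_100", "fiori.example.test", "/"),
    ("MYSAPSSO2", "example.test", "/"),
    ("SAP_SESSIONID_BEP_100", "backend.example.test", "/"),
    ("sap-usercontext", "fiori.example.test", "/"),  # not a session token, never reported
}
# Constructed sample: Set-Cookie headers captured from each logout request.
LOGOUT_RESPONSES = [
    ("fiori.example.test", [
        "SAP_SESSIONID_FES_100=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; secure; HttpOnly",
        "MYSAPSSO2=; Max-Age=0; domain=.example.test; path=/"]),
    ("backend.example.test", ["SAP_SESSIONID_BEP_100=; Max-Age=0; path=/"]),
]

if __name__ == "__main__":
    print(surviving_session_cookies(JAR_BEFORE, LOGOUT_RESPONSES[:1]))  # front-end logout only
```

With only the front-end server's logout response, the back-end session cookie is reported as surviving; once the custom logout page also requests the back-end logout URL, the list is empty.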