Global Logout Issue: Same userid replicating after performing logout and login again in same session

Problem Description: The architecture has OAS 10.1.4.3, OAM 10.1.4.3, OID version is 10.1.4.3 and portal11g installed in production server node. The OAM is integrated with portal 11g. I have faced some issues while implementing global logout in our project. Problem is same userid replicating after performing logout and login again in same session except portal application.OAM10g and portal11g application is sitting in different machine. We have 10 different application and all application is integrated with OAM and including portal.  User can able to access the application through portal.Logout link visible only in portal not in other applications.

For Example:
Case 1:
if I logged into portal with user “A” and then access the SOA worklist it will opened in a new window. In SOA worklist showing user “A” as logged . After I closed the SOA worklist window and after click logout link in portal application.

Case 2:
Again I logged into portal with different user called “B” in a same session. Again I clicked SOA application and it will opened in a different window. This time I have seen user “A” instead of “B”.

Problem: Cookies had some values of previous authentication details. Normally when we tried to access the application link under portal, webgate will intercept the request and it will check whether cookie having values or not, if their is no values residing inside cookie once again new authentication will happen otherwise it will take a previous authentication values, in this case cookie having values because cookie not get deleted so authentication will not take part and taken a previous values.  

So I thought of new plan like

1.       Tried to delete all cookies in portal domain.

Result: Due to security reason we were not able to delete the other domain cookies.

2.       Call multiple logout page from portal domain using logout url option in webgate profile.

Result: Oracle Access Manager will not support this.

3.       Tried to call the logout page of each application one by one.

Result:  After a lot of R&D this plan has been implemented and mentioned problem has been resolved.

 Solution description:

For example user clicked logout from portal , it will trigger the logout page of portal, here I’m cleared all cookies under portal domain except obssocookie because if I cleared this cookie, I can’t able to call the other logout page url without authentication if this page is protected. For this purpose iam not clearing this cookie and then I triggered the logout page of EBao, here I’m cleared the cookies under this domain and again triggered the another application logout page url and so. Its chain base call and end of the call iam cleared obssocookie and display information to the user.

I believe this post will help you to get out of this issue. Thanks. 

About the Author sarath

An Oracle Identity and Access Management professional, having working on Oracle Access Manager Single Sign-On implementations, Installation/Configuration of Identity Server, Web Pass, Web Gate, Access Gate, Policy Manager, Access Server, Policy Domains, Authentication /Authorization schemes, Single Sign-On (single and multi-domain), OIM, OVD, OID, OAAM, OIF, High Availability/Failover/ SSL deployment.

Leave a Comment:

4 comments
Atul Kumar says June 13, 2011

Sarath, Very good post. I am goign to cover global logout but from 11g OAM’s point of view. This post will really help me as input to my post.

Atul

Reply
sarath says June 14, 2011

Atul, Thanks for your comments.
Regards
sarath

Reply
Mahendra says June 14, 2011

Hi Sarath/Atul,

Just an add-on to this post 🙂

http://talkidentity.blogspot.com/2011/06/global-logout-in-oracle-access-manager.html

Reply
» Global logout Implementation Online Apps DBA: One Stop Shop for Apps DBA’s says September 16, 2011

[…] fail for any reason say any server is down, server not responding etc. For more information click here.  For this problem I have come out with the below approach to overcome this issue. My approach as […]

Reply
Add Your Reply