Global logout Implementation
In this post I am going to talk about overall global logout implementation.
Problem description:
For Example:
1. Login into portal with user “A”.
2. Click the app link for example “X”, and application will open in new browser with user “A”.
3. Logout from portal, and login again in same session with different user “B”.
4. Again click the app link but now application not opening with user “B” its opening with user “A”.
Regarding this issue we have implemented the chain call method, its mean calling all application logout page’s. This approach will helps us to clear the application cookies and sessions.
Advantage & Disadvantage:
Clear the cookie and sessions, it will help us to see the new session.
Logout can fail for any reason say any server is down, server not responding etc.
For more information click here.
For this problem I have come out with the below approach to overcome this issue. My approach as follow,
1. Removing the chain call of logout pages.
2. Modified in application level.
More information about my approach here.
Why above mentioned issues is occurring?
Ans:
1. First time login into portal with user “A” and then access application “X”, now in application level they are checking whether any session is exist or not if not then they read the header variable what IDM passed.
2. second time I’m accessing the some other link in application in “X”, here again they checking any session is exist or not, here we have session of previous user so they continue with same session.
3. after logout from portal and login again with user “B”.
4. Access the application “X”, this time they checking whether any session is exist or not, yes previous session is not deleted, so again continue with same session.
Note: problem is they are not comparing the IDM cookie, they only checking their session value.
We made some changes in application level to compare the application “X” session value with IDM cookie value. If it not matches then remove the old session and create the new session. Now above issue get vanished.
Advantage:
1. No Looping. No need to worry about whether all servers are up and running or not.
2. Now portal and IDM will come into GL.
3. It faster than before implementation.
About the Author sarath
An Oracle Identity and Access Management professional, having working on Oracle Access Manager Single Sign-On implementations, Installation/Configuration of Identity Server, Web Pass, Web Gate, Access Gate, Policy Manager, Access Server, Policy Domains, Authentication /Authorization schemes, Single Sign-On (single and multi-domain), OIM, OVD, OID, OAAM, OIF, High Availability/Failover/ SSL deployment.