Forum Discussion

Christoph_Fris1's avatar
Christoph_Fris1
Icon for Nimbostratus rankNimbostratus
Feb 21, 2017

Clear APM session when using Oracle Access Manager

Hello together,

 

strange upcoming issue when using Oracle Access Manager 11gR2 as an AAA Server on APM 12.1.2

 

When accessing a protected ressource everything is working fine, expect the logout feature. Normally the logout ist just calling

 

3 Replies

  • The Logout URI should be configured in the access profile by using the 'Logout URI Include' and 'Logout URI Timout' settings. What have you set there? Does it match?

     

  • Ok I found out where this "Oracle Access Manager Operation Error" message comes from. So after clicking on the logout URL. The process should be like this:

     

    1. clear session on Oracle Access Manager
    2. set ObSSOCookie to logedoutcontinue
    3. redirect user to ?end_url (when it was set in the logout URL)

    But the problem is, when the user is clicking the Link for the Logout the session on the OAM will be deleted, also the user will be redirected to the ?end_url. But the first ObSSOCookie which the user got after accessing the protected ressource will not be cleared. Instead of this a new ObSSOCookie will be inserted with the value 'logedoutccontinue' only with a different cookie domain. Therefore when the user is now trying to access the protected ressource again, the error message will be displayed because the ObSSOCookie is still present but the session on OAM is already deleted.

     

    So my idea was to implement a new iRule, when the Logout Link will be clicked (

     

  • Try this:

    when HTTP_REQUEST {
        if { [string tolower [HTTP::uri]] eq "/logout-success" } {
            set redirect_page "https://www.example.com/"
            HTTP::respond 302 location $redirect_page "Cache-Control" "no-cache, must-revalidate" Set-Cookie "ObSSOCookie=deleted;expires=Thu, 01-Jan-1970 00:00:10 GMT;path=/"
        }
    }