OIF 10g Logout Fails With HTTP-405 Method Not Allowed (Doc ID 1263984.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Federation - Version: 10.1.4.2.0 and later   [Release: 10g and later ]
Information in this document applies to any platform.

Symptoms

Oracle Identity Federation (OIF) 10g SAML 2.0 logout is being requested with a returnurl parameter:

Example logout URL:

https://oif.oracle.com:4443/fed/user/logout?returnurl=https://app.oracle.com/apps/logout.htm


With returnurl parameter provided to the /fed/user/logout call in a session authenticated using SAML 2.0 protocol, OIF should perform logout for the user then the returnurl page should be displayed.


Instead, error HTTP-405 Method Not Allowed is occurring.


The HTTP Header trace for the failing logout request shows that a SAMLRequest is being POSTed to a non-OIF URL.


Steps to reproduce

1. Access the Service Provider (SP) application via SP or Identity Provider (IdP) initiated Single Sign On (SSO) using SAML 2.0 protocol.

2. Issue the OIF logout request in the same session e.g. https://oif.oracle.com:4443/fed/user/logout?returnurl=https://app.oracle.com/apps/logout.htm

3. HTTP-405 Method Not Allowed error occurs.



Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms