UCM Application is not Invalidating the Session with OAM set for Basic Over Ldap Scheme. (Doc ID 1382858.1)

Last updated on MAY 23, 2017

Applies to:

Oracle WebCenter Content - Version: 11.1.1.4.0 and later   [Release: 11g and later ]
Information in this document applies to any platform.

Symptoms

Oracle Access Manager Authentication scheme when set to Basic over Ldap does not invalidate the UCM user session .

When UCM (configured with the above OAM setting) even after logout , browser session does not get cleared hence the ucm login happens without any security check .

Browser is not closed after logging out from UCM and the url is typed again which brings up the above scenario where in the user is not challenged for the Login Prompt. 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms