Last updated on MARCH 08, 2017
Applies to:Oracle Access Manager - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
Oracle Access Manager 18.104.22.168 Logout is not working when Logout is requested from an application protected by a 10g WebGate.
The following Oracle Documentation has been referenced to configure OAM SSO Logout for the application:
Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service 11g Release 1 (11.1.1)
15 Configuring Centralized Logout for OAM 11g
A logout.html page has been created following the documentation for logout for 10g WebGates.
The application has been modified so that when Logout is clicked in the application, a request for the logout.html page is issued.
When the protected application is accessed again in the same browser session after logout there is no prompt for relogin to OAM. The application page is displayed with session still authenticated.
Steps to reproduce
1. Access the application at e.g. http://app.oracle.com:8085/container/index.htm
2. The OAM login page is displayed.
3. Submit valid OAM credentials.
4. The application page at http://app.oracle.com:8085/container/index.htm is displayed.
5. Click the application logout link: http://app.oracle.com:8085/logout.html is requested. The page is displayed.
6. Access the protected application resource at http://app.oracle.com:8085/container/index.htm again: the page is displayed. OAM does not prompt for relogin.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms