Oracle Access Manager 11g (OAM 11.1.1.5.x) How To Prevent URL Redirection to an Unwanted OAM Logout Landing Page (Doc ID 1603720.1)

Oracle Access Manager 11g (OAM 11.1.1.5.x) How To Prevent URL Redirection to an Unwanted OAM Logout Landing Page

• OAM has a feature using a query string "end_url" to redirect a browser to a landing page after logging out.  However a URL can be append either manually or programmatically to the end_url parameter and the browser will be redirected there. The OAM server performs the server side logout operations and redirects the browser to the URL specified in the "end_url" query parameter whether logged in or out, but this is not a desired behavior.
• By default OAM server and the hostname variations for the WebGate host identifiers are automatically included.
• So simply enabling oamSetWhiteListMode may be enough, but the URL enabled list maybe be broader, so using oamWhiteListURLConfig command allows adding additional URLs as needed.
• Once oamSetWhiteListMode is enabled and any additional URLs are included using oamWhiteListURLConfig , OAM only allows the browser to redirect to the hostnames and URLs allowed.