Oracle Access Manager (OAM) Federation - How To Clear Federation Session Upon OAM Logout At Identity Provider (IdP) End
(Doc ID 2005112.1)
Last updated on JULY 22, 2024
Applies to:
Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Goal
Provide information on how to remove the OAM_JSESSIONID and ORA_OSFS_SESSION cookies, which are created as part of a SAML federation session, from the user's browser. In other words, is there a way, or a WLST command, to achieve SAML single logout or global logout for a federated user?
Federation Scenario:
- OAM is acting as the Service Provider (SP) and the other party is acting as the IdP.
- The Federation login is working fine.
- When the federated user logs out from the IdP portal, the logout clears only the application cookies and leaves behind the OAM/OIF session cookies.
- If another user attempts authentication in the same browser session, that user gets a system error because the user returned by the new session is different from the existing user in the OAM/OIF session.
- Calling the OAM logout URL directly (/oam/server/logout) was tried, but it only removes the OAM_ID cookie and the OAMAuthn cookies.
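A check for the symptom in this scenario, as an added example that is not part of the Oracle document: it parses the `Set-Cookie` headers of a logout response and reports which of the OAM cookies named above the response did not expire. The sample jar and headers are constructed, matching `OAMAuthn` as a name prefix is an assumption, and cookies are compared by name only (Path and Domain are ignored).

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Cookie names from the scenario; "OAMAuthn" is matched as a prefix (assumption).
TRACKED_PREFIXES = ("OAM_JSESSIONID", "ORA_OSFS_SESSION", "OAM_ID", "OAMAuthn")

# Constructed sample: cookies in the browser before logout, and the
# Set-Cookie header values returned by the logout request.
SAMPLE_JAR = ["OAM_ID", "OAMAuthnCookie_sp.example.test:443",
              "OAM_JSESSIONID", "ORA_OSFS_SESSION", "APP_SESSION"]
SAMPLE_LOGOUT_HEADERS = [
    "OAM_ID=; Max-Age=0; Path=/; HttpOnly",
    "OAMAuthnCookie_sp.example.test:443=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, lower-cased attribute dict)."""
    first, *rest = header.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def expires_cookie(attrs, now):
    """True if the attributes delete the cookie; Max-Age wins over Expires (RFC 6265)."""
    if "max-age" in attrs:
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            pass  # unparsable Max-Age is ignored; fall back to Expires
    if "expires" in attrs:
        try:
            return parsedate_to_datetime(attrs["expires"]) <= now
        except (TypeError, ValueError):
            return False  # unparsable or zone-less date: treat as not expired
    return False

def surviving_session_cookies(jar_names, logout_headers, now=None):
    """Tracked cookies present before logout that the logout response did not expire."""
    now = now or datetime.now(timezone.utc)
    cleared = set()
    for header in logout_headers:
        name, attrs = parse_set_cookie(header)
        if expires_cookie(attrs, now):
            cleared.add(name)
    return sorted(n for n in jar_names
                  if n.startswith(TRACKED_PREFIXES) and n not in cleared)
```

A non-empty result after logout means a later login in the same browser can still meet the previous user's session cookies.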
Solution
In this Document
- Goal
- Solution
- configureSAML20Logout