Oracle Access Manager 11gr2ps2 (OAM11.1.2.2.0) Federation - How to Clear Federation Session Upon OAM Logout at Identity Provider (IdP) End (Doc ID 2005112.1)

Last updated on MARCH 29, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Goal

Oracle Access Manager 11gr2ps2 (OAM11.1.2.2.0) Federation - How to Clear Federation Session Upon OAM Logout at Identity Provider (IdP) End

Federation scenario:

  • OAM is acting as Service Provider (SP) and the other party is acting as IdP.
  • The Federation login is working fine.
  • When the Federated user logs out from the IdP portal, the logout clears only the application cookies and leaves behind the OAM/OIF session cookies.
  • If another user attempts authentication in the same browser session, that user gets a system error because the user returned by the new session is different from the existing user in the OAM/OIF session.
  • Calling the OAM logout URL directly (/oam/server/logout) was tried, but it only removes the OAM_ID cookie and OAMAuthn cookies.

How can you remove the OAM_JSESSIONID and ORA_OSFS_SESSION cookies, which were created as part of the SAML federation session, from the user's browser?

In other words, is there a way or a WLST command to achieve SAML single logout or global logout for a federated user?
 

Solution
