My Oracle Support Banner

PS3 Multi Data Center-DCC Logout Does Not Clean Up Sessions Across domains (Doc ID 2159499.1)

Last updated on MARCH 29, 2019

Applies to:

Oracle Access Manager - Version 11.1.2.3.5 and later
Information in this document applies to any platform.

Symptoms

With the below settings, logout work well on individual domains and also across
the domains in the first scenario/flow as below. That is session is cleared on
both domains. But fails in second scenario.

1.Global logout occurs when the logout is issued on an application where the
session was initially generated.

Flow1 - HTTP Traces when authenticate first on (Master)
--> SSO to (Clone) --> Logout at (Master) --> Sessions stays alive in (Clone).

2.Global logout does not occur when the logout is issued on an application
which adopts the session from remote site.

Flow2 - HTTP Traces when authenticate first on (Master)
--> SSO to (Clone) --> Logout at (Clone) --> Session stays alive in (Master).

Below are the webgate settings -

Method -1: Proxy Solution

> Where apache is the web server, having webgate and post authN --> user is forwarded to
destination app.
> Logout Settings

Proxy Agent:
Logout URL: /sso/logout
Logout Callback URL: /oam_logout_success
Logout Redirect URL: https://<host>:<port>/wsso/signOut.jsp (domain site specific logout page)
Logout Target URL: end_url

DCC Agent:
Logout URL: /wsso/signOut.jsp
Logout Callback URL: /oam_logout_success
Logout Redirect URL: None
Logout Target URL: end_url

Method -2: Direct webgate solution,
> Where application itself will have a web server and webgate and
> Logout Settings

Webgate Agent:
Logout URL: /sso/logout, /mysso/signoff, /mysso/signOff/ /sso/signoff (can be
anything specific to each appplication)
Logout Callback URL: /oam_logout_success
Logout Redirect URL: https://<host>:<port>/wsso/signOut.jsp (domain specific logout page)
Logout Target URL: end_url

DCC Agent:
Logout URL: /wsso/signOut.jsp
Logout Callback URL: /oam_logout_success
Logout Redirect URL: None
Logout Target URL: end_url

The current Multi Data Center properties

Multi Data Center props.
eauthenticate=false
SessionDataRetrievalOnDemand=true
SessionMustBeAnchoredToDataCenterServicingUser=false
SessionDataRetrievalOnDemandMax_retry_attempts=3
SessionDataRetrievalOnDemandMax_conn_wait_time=80
SessionContinuationOnSyncFailure=false
MDCGitoCookieDomain=.mydomain.com

Changes

 Multi Data Center setup done. Patch 23248730 is applied already.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.