PS3 MDC-DCC Logout Does Not Clean Up Sessions Across DC's (Doc ID 2159499.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.3.5 and later
Information in this document applies to any platform.

Symptoms

With the below settings, logout work well on individual DC and also across
the DC in the first scenario/flow as below. That is session is cleared on
both DC's. But fails in second scenario.

1.Global logout occurs when the logout is issued on an application where the
session was initially generated.

Flow1 - HTTP Traces when login first on (Master)
--> SSO to (Clone) --> Logout at (Master) --> Sessions stays alive in (Clone).

2.Global logout does not occur when the logout is issued on an application
which adopts the session from remote DC.

Flow2 - HTTP Traces when login first on (Master)
--> SSO to (Clone) --> Logout at (Clone) --> Session stays alive in (Master).

Below are the webgate settings -

Method -1: Proxy Solution

> Where apache is the web server, having webgate and post authN --> user is forwarded to
destination app.
> Logout Settings

Proxy Agent:
Logout URL: /sso/logout
Logout Callback URL: /oam_logout_success
Logout Redirect URL: https://<host>:<port>/wsso/signOut.jsp (DC specific logout page)
Logout Target URL: end_url

DCC Agent:
Logout URL: /wsso/signOut.jsp
Logout Callback URL: /oam_logout_success
Logout Redirect URL: None
Logout Target URL: end_url

Method -2: Direct webgate solution,
> Where application itself will have a web server and webgate and
> Logout Settings

Webgate Agent:
Logout URL: /sso/logout, /mysso/signoff, /mysso/signOff/ /sso/signoff (can be
anything specific to each appplication)
Logout Callback URL: /oam_logout_success
Logout Redirect URL: https://<host>:<port>/wsso/signOut.jsp (DC specific logout page)
Logout Target URL: end_url

DCC Agent:
Logout URL: /wsso/signOut.jsp
Logout Callback URL: /oam_logout_success
Logout Redirect URL: None
Logout Target URL: end_url

The current MDC properties

MDC props.
eauthenticate=false
SessionDataRetrievalOnDemand=true
SessionMustBeAnchoredToDataCenterServicingUser=false
SessionDataRetrievalOnDemandMax_retry_attempts=3
SessionDataRetrievalOnDemandMax_conn_wait_time=80
SessionContinuationOnSyncFailure=false
MDCGitoCookieDomain=.mydomain.com

Changes

 MDC setup done. Patch 23248730 is applied already.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms