My Oracle Support Banner

Oracle Access Manager (OAM) Multi Data Center (MDC) - Detached Credential Collector (DCC) Logout Does Not Clean Up Sessions Across Domains (Doc ID 2159499.1)

Last updated on OCTOBER 08, 2020

Applies to:

Oracle Access Manager - Version 11.1.2.3.5 and later
Information in this document applies to any platform.
Oracle is not responsible for instructions/information from 3rd party sites that may be contained in this KM note.

Symptoms

With the below settings, logout work well on individual domains and also across the domains in the first scenario/flow as below. That is session is cleared on both domains. But fails in second scenario.

1.Global logout occurs when the logout is issued on an application where the session was initially generated.

Flow1 - HTTP Traces when authenticate first on (Primary)
--> SSO to (Clone) --> Logout at (Primary) --> Sessions stays alive in (Clone).

2.Global logout does not occur when the logout is issued on an application which adopts the session from remote site.

Flow2 - HTTP Traces when authenticate first on (Primary)
--> SSO to (Clone) --> Logout at (Clone) --> Session stays alive in (Primary).

Below are the WebGate settings -

Method -1: Proxy Solution

> Where apache is the web server, having WebGate and post authN --> user is forwarded to destination app.
> Logout Settings

Proxy Agent:
Logout URL: /sso/logout
Logout Callback URL: /oam_logout_success
Logout Redirect URL: https://<HOSTNAME>:<PORT>/wsso/signOut.jsp (domain site specific logout page)
Logout Target URL: end_url

DCC Agent:
Logout URL: /wsso/signOut.jsp
Logout Callback URL: /oam_logout_success
Logout Redirect URL: None
Logout Target URL: end_url

Method -2: Direct WebGate solution,
> Where application itself will have a web server and WebGate and
> Logout Settings

WebGate Agent:
Logout URL: /sso/logout, /mysso/signoff, /mysso/signOff/ /sso/signoff (can be anything specific to each application)
Logout Callback URL: /oam_logout_success
Logout Redirect URL: https://<HOSTNAME>:<PORT>/wsso/signOut.jsp (domain specific logout page)
Logout Target URL: end_url

DCC Agent:
Logout URL: /wsso/signOut.jsp
Logout Callback URL: /oam_logout_success
Logout Redirect URL: None
Logout Target URL: end_url

The current Multi Data Center properties

Multi Data Center props.
eauthenticate=false
SessionDataRetrievalOnDemand=true
SessionMustBeAnchoredToDataCenterServicingUser=false
SessionDataRetrievalOnDemandMax_retry_attempts=3
SessionDataRetrievalOnDemandMax_conn_wait_time=80
SessionContinuationOnSyncFailure=false
MDCGitoCookieDomain=.<DOMAIN>

Changes

 Multi Data Center setup done. <Patch:23248730> is applied already.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.