Multiple Applications Integrated With Oracle Identity Cloud Service (IDCS) VIA An IIS WebGate - Logout Not Clearing Cookies Correctly
(Doc ID 2806715.1)
Last updated on DECEMBER 21, 2022
Applies to:Oracle Access Manager - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Logout doesn't clear the cookie for second application. So when user re-login, they see information of first user on second application (since it is using old cookie)
- Two applications that are integrated with Oracle Identity Cloud Service (IDCS) via an IIS Webgate and a confidential application in IDCS
- Need the logout from one application to trigger logout from both applications (i.e. deleting the user's session in both places).
1. Access and log into <APP_1> as <USER_1>
2. Access <APP_2> (No challange for authentication, as expected)
3. Click on "client app" to switch back to <App_1> from within same browser/tab
4. Logout from <APP_1>
5. Log into <APP_1> as <USER_2>
6. Go to <APP_2>, where it shows the <USER_1> instead of <USER_2>
- Issue is not seen if an Apache Web Server is used
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document