Oracle Access Manager Logout Fails After Form Based Login

(Doc ID 421956.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Access - Version: 7.0 and later   [Release: COREid and later ]
Information in this document applies to any platform.
Checked for relevance on 12-Apr-2010

Symptoms

Oracle Access Manager logout is failing using custom logout page. When a user logs in and authenticates, navigates the site and clicks logout, the user is then able to navigate back to one of the protected web pages without having to re-authenticate.

Login is form-based so credentials are not saved in the browser.

Points already checked:

   The correct logout URL is configured in Access System Configuration 
   The correct logout URL is configured in webgatestatic.lst (no longer required in release 10.1.4)
   The custom logout page is accessed via public, non-protected path 
   The custom logout page has: 
       Javascript onLoad to remove the session cookie(s) 
       No references to protected resources i.e. images are not accessed via protected paths 

Reference: Oracle´┐Ż Access Manager Access Administration Guide 10g (10.1.4.0.1)
    Appendix C Configuring Logout

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms