My Oracle Support Banner

How to force users to login page for any unauthorized conditions? (Doc ID 2815299.1)

Last updated on OCTOBER 25, 2021

Applies to:

Oracle Communications Convergence - Version 3.0.2 and later
Information in this document applies to any platform.

Goal

On : Oracle Communications Convergence 3.0.2 version

Qn1: We are in the process of enabling SSO for our Convergence instances and are encountering undesirable error dialogs when the SSO session is terminated (either from an expired token or when the session is invalidated due to a process restart). As an example, if the HTTPD process that is responsible for authentication, and acts as a reverse proxy to Glassfish, is restarted, the user is presented with an error dialog indicating the page could not be loaded due to invalid authentication. Dismissing the error does not log the user out and the error reappears if the user tries to navigate within Convergence. To correct this condition the user must either refresh the page or click Sign Out. Considering there is no way to gracefully disconnect users with active Convergence sessions we anticipate that this will drive calls to our call center any time we perform maintenance to our Convergence hosts. How is this typically handled? Is there a way to redirect users to our login page rather than displaying the error anytime there is an authentication problem? Is there an undocumented procedure to gracefully disconnect users prior to performing system maintenance?
 
Qn2: As an alternate solution to maintaining javascript code, we are considering leveraging the Apache reverse proxy to intercept the 401 unauthorized response and generate one that mirrors what is received when the Glassfish session is invalid. This would result in a 200 response code with text/javascript content similar to below for any unauthorized access to /iwc/svc endpoints:




The content is based off of the response from Glassfish when the session is invalid but we have noted that the responses are different between mail and address book services. Despite the differences in responses, we have found this method to work with both mail and address book services. We would like to know what your development team thinks of this approach?
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.