Geek Answers Handbook

Unable to exit Oracle SSO

Build a J2EE web application using Oracle SSO with OID content as a means of authenticating users.

If the user wants to use the application, he must first specify a valid username / password on the SSO login page.

When the user is executed using the application, he can click the logout button; Behind the scenes, the action associated with this button will terminate the user's session and clear cookies using the following Java code:

private void clearCookies(HttpServletResponse res, HttpServletRequest req) { res.setContentType("text/html"); for (Cookie cookie : req.getCookies()) { cookie.setMaxAge(0); cookie.setPath("/"); cookie.setDomain(req.getHeader("host")); res.addCookie(cookie); } }

In addition, I have an onclick JavaScript event associated with a logout button that should delete SSO cookies by calling the delOblixCookie () function (as shown in some Oracle forum):

 function delCookie(name, path, domain) { var today = new Date(); // minus 2 days var deleteDate = new Date(today.getTime() - 48 * 60 * 60 * 1000); var cookie = name + "=" + ((path == null) ? "" : "; path=" + path) + ((domain == null) ? "" : "; domain=" + domain) + "; expires=" + deleteDate; document.cookie = cookie; } function delOblixCookie() { // set focus to ok button var isNetscape = (document.layers); if (isNetscape == false || navigator.appVersion.charAt(0) >= 5) { for (var i=0; i<document.links.length; i++) { if (document.links.href == "javascript:top.close()") { document.links.focus(); break; } } } delCookie('ObTEMC', '/'); delCookie('ObSSOCookie', '/'); // in case cookieDomain is configured delete same cookie to all subdomains var subdomain; var domain = new String(document.domain); var index = domain.indexOf("."); while (index > 0) { subdomain = domain.substring(index, domain.length); if (subdomain.indexOf(".", 1) > 0) { delCookie('ObTEMC', '/', subdomain); delCookie('ObSSOCookie', '/', subdomain); } domain = subdomain; index = domain.indexOf(".", 1); } }

However, my users do not exit SSO after they click the logout button: although a new session is created if they try to access the index page, the SSO login page does not appear to them, and they can go directly to the main page without authentication. Only if they manually delete cookies from the browser, the login page appears again - not what I need: users must provide their username / password each time they exit the application, so I believe that the code that deletes cookies

Id really appreciate any help with this problem, thanks in advance.

+4
source share
3 answers

Oracle has two SSO web products - Oracle Access Manager and Oracle Single Sign On. The Javascript code you submitted is for Access Manager, so it won't help you. In addition, you do not need to do anything in Javascript to log the user into the system.

See the logout section in OSSO docs. He recommends using the following code:

 // Clear application session, if any String l_return_url := return url to your application response.setHeader( "Osso-Return-Url", l_return_url); response.sendError( 470, "Oracle SSO" );
+3
source

You need a page with a logout name that includes those JavaScript functions.

What the documentation says:

WebGate logs in a user when it receives a URL containing "logout." (including "."), with the exception of logout.gif and logout.jpg, for example, logout.html or logout.pl. When WebGate receives a URL with this string, ObSSOCookie is set to log out.

+1
source

Cookies are not deleted until the browser is closed.

0
source

More articles:


All Articles