Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 16 Oracle Analytics Lounge
- 216 Oracle Analytics News
- 43 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 79 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
OAS SSO with two Authentication providers - strange behavior (unable to sign off)
Hi!
I configured OAS 2025 with two "SUFFICIENT" authentication providers - the default one and active directory.
The SSO Provider Logoff URL is /bi-security-login/logout?redirect=/dv
Issue:
When I click on "sign out", I'm getting the usual screen:
Thank you for using Oracle Analytics software. You have successfully signed out.
To sign in again, click here
When I click on "here" I get the regular "analytics" page without having to enter credentials.
Any idea what’s wrong with my logoff flow?
Thanks,
Alex
Best Answer
-
Hi Alex,
Regarding the SSO - I didn't define anything special.
Maybe that's what missing.
SSO is not required, I was just making sure I understood the architecture/configuration.
Your config.xml looks OK for the most part, I would make one change.
Your current order is:
+ADAuthProvider
+Trust Service Identity Asserter
+DefaultAuthenticator
In Weblogic Console, change the order to:
+ADAuthProvider
+DefaultAuthenticator
+Trust Service Identity Asserter
+ all the rest leave
Restart.
Test login / logout in a private/incognito browser session .
If there is still an issue, you will need to create a service request and provide Support with a diagnostic bundle so the logs can be reviewed.
Collect Diagnostic Bundles1
Answers
-
When SSO is turned off, I enter credentials to log in and get the sign off screen
Thank you for using Oracle Analytics software. You have successfully signed out.
To sign in again, click hereWhen I click "here", I get the regular Analytics screen
0 -
Hi Alex,
It sounds like your authentication token getting cleared from your browser cache.
Can you describe in more detail what type of SSO you have configured (not just your authenticators for authorization)?
If you are comfortable, you can obfuscate sensitive hostnames, etc, and upload a copy of your[DOMAIN_HOME]/config/config.xml,or a screenshot from the Weblogic providers page; otherwise, you need to file a service request for secure uploads.0 -
Hi Steve,
I attached the config.xmlI added an ActiveDirectory authentication provider and made it "sufficient" as well as the defalut authentication provider.
This way, I can log in with my Active directory user as well as with "weblogic" user.
In OBIEE it works well this way.
Regarding the SSO - I didn't define anything special.
Maybe that's what missing.
Thanks,
Alex0