Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 16 Oracle Analytics Lounge
- 216 Oracle Analytics News
- 43 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 79 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
OAS 2025 July Patch - SSO Timeout Not Redirecting to Custom Logoff URL
Hi Everyone,
Good morning. I'm running into an issue with OAS 2025 (July patch) and need to confirm the expected behavior for SSO timeout scenarios.
Current Setup:
- OAS 2025 with July patch applied
- SSO enabled: OAS > OHS > OID > OAM
- Custom Logoff URL configured
When users manually click Logout, they're correctly redirected to our custom Logoff URL. However, when a session timeout occurs, users are instead taken to the default login page at bi-security-login/login.jsp rather than our custom Logoff URL.
I found a previous thread about configuring timeout behavior with DV in OAS 2025, where the response indicated this issue should be resolved with the July 2025 patch. Since I'm already on that patch level, I want to confirm what the expected behavior should be.
Configuring Time Out Behavior when using DV in OAS 2025 — Oracle Analytics
With SSO configured and a custom Logoff URL set, should session timeouts redirect to the custom Logoff URL or is the current behavior (redirecting to the default login page) actually, correct?
Thanks,
Sherry
Answers
-
Hi Sherry,
Check:[DOMAIN_HOME]/config/fmwconfig/bienv/core/bi-environment.xmlMake that
<bi:logoff-url>/bi-security-login/logout?redirect=/dv</bi:logoff-url>
is set to your custom SSO logout URL, so that your SSO token (header/cookie, etc. ) is removed.
This is similar to to the instruction in the documentation here using WLST or EM:Enable Oracle Analytics Server to Use SSO Authentication
- Also, as a side note, ensure your /dv timeout is aligned with your SSO timeout
[DOMAIN_HOME]config/fmwconfig/biconfig/bi-security/config.properties
internalSessionTokenExpiryTime=14400(value in seconds matches [=] your SSO timeout value)0 - Also, as a side note, ensure your /dv timeout is aligned with your SSO timeout
-
Hi Steve,
Thank you for the guidance. I've verified the configuration and found a potential issue.
bi-environment.xml has the correct custom Logoff URL configured and config.properties shows internalSessionTokenExpiryTime=14400.
In the advanced settings, I had configured 'Sign Out Inactive Users Automatically' = true and 'User Inactivity Timeout' = 60 minutes.
We have a OBIEE 12c instance where this behavior was not noticed. I will compare the SSO settings and also test with setting the 'Sign Out Inactive Users Automatically' property to false to see if this resolves the timeout redirect issue.
Will update with results.
Thanks,
Sherry1 -
quick thoughts:
-Check if you have the patch for Bug 37634679.
-confirm if you have nextGenAuth set:
$DOMAIN_HOME/config/fmwconfig/biconfig/OBIPS/incubation.properties
oracle.bips.auth.nextGenAuth=????
-Does this only happen when the timeout occurs from the /dv side? Or also when the timeout happens from /analytics?
Do you have a value set for https://myoas.com/analytics/systemsettings/#security "User Inactivity Timeout (minutes)" / "oracle.bi.tech.settings.userInactivityTimeout" ?
1
