Forum Stats

  • 3,839,147 Users
  • 2,262,456 Discussions
  • 7,900,868 Comments

Discussions

Adf Application SSO logout redirect

João Rodrigues
João Rodrigues Member Posts: 80 Red Ribbon
edited Feb 17, 2021 3:40PM in JDeveloper and ADF

Hi,

I use the following code to redirect when invoking the OAM SSO logout request in a ADF application.

But this redirects to a generic logout page and I wanted it to redirect back to the SSO login page, where can I do this configuration?


JDeveloper version 12.2.1.3.0

Regards,

João Rodrigues

Tagged:

Answers

  • Timo Hahn
    Timo Hahn Senior Principal Technical Consultant - Oracle ACE Director Member, Moderator Posts: 38,590 Red Diamond
  • Jose Passos
    Jose Passos Member Posts: 8 Red Ribbon

    Hi Timo,

    I'm working with João on this and the issue we are facing now is that when we are using SSO, on logout we are calling OAM and defining the end_url.


    When we click in logout it redirects to OAM and the logout is done but there is a afrRedirect that is apended on the end_url


    When we login again once OAM redirects to the application the URL has that afrRedirect and fails to load the page with a 404 - Not Found, even though the login is performed.


    If we remove the afrRedirect the application shows up with the user logged in.

    Another thing we tested was that if we logout in the browser using the intended URL the issue does not happen.


    Can you please shed some light of where this afrRedirect comes from and how can we get rid of it?


    Thanks in advance,

    Jose Passos

  • Timo Hahn
    Timo Hahn Senior Principal Technical Consultant - Oracle ACE Director Member, Moderator Posts: 38,590 Red Diamond

    I guess the token is appended by the framework's session life cycle. Here the framework sees that you try to navigate to a faces page and somehow know that you were there before. The token is normally used to session tracking.

    What I did in this kind of situation was to set the redirect url to a page that is plain HTML and don'T use security at all. Just a plain page that shows the user that he has been logged out successfully. You can add a button to link to the login page if you like. If the user clicks the link or button he's transferred to the normal login page but gets a new fresh token.


    Timo

  • Jose Passos
    Jose Passos Member Posts: 8 Red Ribbon

    Hi Timo,

    Thanks but that how currently is, but it is not an option because all apps in the project are expected to redirect to Login page. Ultimately OAM will redirect to AD login page.

    Is there any way to clean those IDs by invalidating anything?


    Thanks in advance,

    Jose Passos

  • Timo Hahn
    Timo Hahn Senior Principal Technical Consultant - Oracle ACE Director Member, Moderator Posts: 38,590 Red Diamond

    You can try to do the logout as described in my last response, but instead of showing a button or link do a direct redirect to the home page. This worked for me in older versions. I did not test this in 12.2.1.x


    Timo

  • Jose Passos
    Jose Passos Member Posts: 8 Red Ribbon
    edited May 25, 2021 1:35PM

    Hi Timo,

    We've managed to bypass the issue by setting the URL with some extra chars like /CPM/faces/Home?1=1 or something like that.

    By doing this the afrRedirect is still sent on the Logout but apparently bypasses the issue on the next Login as adf seems to understand this as a new request.

    Also, dispite this extra bit being always the same, it seems to do the trick as we managed to logout and login several consecutive times without the issue (so only if we point to the "clean" face the issue appears).

    Thanks for support though :)

    Regards,

    Jose Passos