0 Replies Latest reply: Apr 23, 2013 4:53 AM by Deepansh Mathur

    OIF(11.1.1.6) Custom Logout

    Deepansh Mathur
      Hi,

      I am trying to integrate a custom logout flow for SP-initiated SSO. My SP is a SharePoint site. I have written a custom Authentication Engine to authenticate the user. On successful authentication, the user is redirected to the SP (the SharePoint site). This configuration is working perfectly fine.

      Now I want to configure the logout flow from the SharePoint site. I have seen the documentation and created a custom logout.jsp as follows:

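      <%@page buffer="5kb" autoFlush="true" session="false"%>
      <%@page language="java" import="java.net.*"%>
      <%
      // Prevent the browser and proxies from caching the logout page.
      response.setHeader("Cache-Control", "no-cache");
      response.setHeader("Pragma", "no-cache");
      response.setHeader("Expires", "Thu, 29 Oct 1969 17:04:19 GMT");

      // ID of the custom authentication engine as configured in OIF.
      final String TEST_ENGINE_ID="B00BBEAAA4";
      // Clear the user ID that the custom engine stored in the HTTP session.
      request.getSession().removeAttribute("feduserid");
      // Tell OIF which authentication engine is returning from logout.
      request.setAttribute("oracle.security.fed.authn.engineid", TEST_ENGINE_ID);
      // Forward into the /fed web context so OIF can continue the logout flow.
      request.getSession().getServletContext().getContext("/fed").getRequestDispatcher("/user/logoutretsso").forward(request, response);
      %>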

      But when I click on the logout link on the SharePoint site, the user is sent to the following URL:

      http://oifhost:oifport/fed/idp/samlv20?SAMLRequest=nZJRT4MwFIX%2FCuk7UNjGWDMwJouOOJfIjDpfTFcKw0Db9bZmP19gM5km%2BuDN%0AfTr33HO%2FNJ0DbRtFVrKS1uT8YDkY59g2AsgwSZDVgkgKNRBBWw7EMLK5vl%2BR%0A0MNEaWkkkw1yskWC3ljJwqiMCx7jiDEcxSWeBoxG5Y5Po3gy6WwAlmcCDBUm%0AQSEOQrdv%2FIgjEs5IOH5FzhPXUEvRjT2M0nmPQYY9fQH2NxcF4Np0ISjdG6OA%0A%2BD5Uo2DsUas7tcMGLqjHZOsXVFBXUJ9as%2Ff7ZJeLQslaGI9V9ZVKQI3m%2FgXE%0AmWjdHc0W%2FyBybqRuqfndHnjBoNSFWw5W8jLBs43dvXNm%2BrMoBTzU%2BAx2YjmB%0AKbLh0L9fJgp%2BTLuQh1tbL8vGXebR4Xl7l9uP3Xq22EpZVe4p4MfOl%2FjtU6Sf%0A&RelayState=%2Fdana-na%2Fauth%2Flogout.cgi%3Fp%3Dlogout%3FauthId%3D9&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=TsCMg0xUhgaMHbyKjGv09iPbV8nvNPNztTSV%2BWBIg7IGTw9m%2BHVGqwrSiYpriyPhKnq75Q8nnPSp%2Fmlq%2FdY%2FyNZ4bORZ%2BxQnvLVaZbpJEdrPBAhFBgstrcjg3MOJoVYIw0U3bn5%2BXbEi2VycMm3WbieqHfIR4pUIngVjXP%2FJvnUWn59kOypj7VUiCHdhYfY1QKVyonzS2zDmNXtzqPd4%2FdDO6q64%2BIz7WjW4FyI35xQ7n1ZNIxSE027LOYlhtSqRp9%2ByF%2FNXxNBknuceUT%2FdqAulZak0QtWkTIqAQr3RMCMUuhs0qEZ6wx7%2FIAxty92CdS1YhC42vp92JZ0S7vJ4jA%3D%3D

      and the browser shows the following:

      <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
      <SOAP-ENV:Body>
      <samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="id-J-XBQRH79jKkueluoXmMHONNJRU-" InResponseTo="_cfc26f8de806cc068f071ca6fbe76855" IssueInstant="2012-12-10T06:26:42Z" Version="2.0">
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
      http://ec2-50-17-30-210.compute-1.amazonaws.com:7499/fed/idp
      </saml:Issuer>
      <samlp:Status>
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/>
      <samlp:StatusMessage>
      User authenticated at IdP different from User specified in the Request message
      </samlp:StatusMessage>
      </samlp:Status>
      </samlp:LogoutResponse>
      </SOAP-ENV:Body>
      </SOAP-ENV:Envelope>

      I have added the Logout Relative Path as /logout.jsp and enabled Logout in the Custom Authentication Engine settings. Do I need to make any other changes? The user is never taken to logout.jsp. Am I missing some configuration?

      Any pointers?

      Regards
      Deepansh Mathur

      Edited by: Deepansh Mathur on Apr 23, 2013 2:52 AM
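
When troubleshooting the "User authenticated at IdP different from User specified in the Request message" status shown above, it helps to see which NameID and SessionIndex the SP actually put in the LogoutRequest. The following is an added example, not part of the original post and not Oracle's code: it decodes the SAMLRequest parameter of an HTTP-Redirect binding URL (URL-decode, base64, raw DEFLATE) and summarizes it. The host, user, IDs and the helper names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # cap on inflated size; real SAML messages are a few KB


def decode_redirect_message(url):
    """Decode the SAMLRequest of an HTTP-Redirect binding URL and summarize it."""
    params = parse_qs(urlsplit(url).query)
    # b64decode discards embedded newlines (the %0A visible in the URL above).
    deflated = base64.b64decode(params["SAMLRequest"][0])
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml = inflater.decompress(deflated, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated message exceeds size cap")
    root = ET.fromstring(xml)
    name_id = root.find("saml:NameID", NS)  # None if absent or encrypted
    return {
        "type": root.tag.split("}")[-1],
        "id": root.get("ID"),
        "issuer": root.findtext("saml:Issuer", "", NS).strip(),
        "name_id": None if name_id is None else (name_id.text or "").strip(),
        "name_id_format": None if name_id is None else name_id.get("Format"),
        "session_index": root.findtext("samlp:SessionIndex", None, NS),
        "relay_state": params.get("RelayState", [None])[0],
        "sig_alg": params.get("SigAlg", [None])[0],
    }


def build_sample_url():
    """Constructed LogoutRequest URL; host, user and IDs are made up."""
    xml = ('<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_example1" '
           'Version="2.0" IssueInstant="2013-04-23T00:00:00Z">'
           '<saml:Issuer>https://sp.example.test/</saml:Issuer>'
           '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:'
           'emailAddress">alice@example.test</saml:NameID>'
           '<samlp:SessionIndex>idx-1</samlp:SessionIndex>'
           '</samlp:LogoutRequest>') % (NS["samlp"], NS["saml"])
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    b64 = base64.encodebytes(deflated).decode()  # wraps lines, as in the post
    query = urlencode({"SAMLRequest": b64, "RelayState": "/logout",
                       "SigAlg": "http://www.w3.org/2000/09/xmldsig#rsa-sha1"})
    return "http://idp.example.test/fed/idp/samlv20?" + query
```

Calling `decode_redirect_message()` on a captured logout URL returns the NameID, its format and the SessionIndex, which can then be compared with the identity the custom authentication engine established at the IdP.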