Thursday 10 March 2011

Siteminder sso cookie does not clear once the App is logged out.



The issue:

If you have setup siteminder sso with oracle fusion middleware.
The fusion middleware application comes with Oracle B2B and Worklist application.Once a user login though sso in these application,the logout button dosent work or complets the loop.
We need a way to clear the siteminder sso cookie once the logout button is clicked.
Please suggest a way to make this customization in the apps.


The solution:

The solution seems to be configuring in SiteMinder: configure the logout URL in the app as a SiteMinder logout URL

Steps are as:

1) Find the URL of the logout action in the app (from the docs, by hovering over it, or by tracing the HTTP traffic)
2) Open the SiteMinder Web Agent configuration (either in the SiteMinder console or in the local WebAgent config file) and add a LogOffUri setting to reflect the above URI. Note: this is a URI not a URL. So remove the http://hostname portion.

if you are not the siteminder administrator, You can pass this info to the SiteMinder administrator and they should know exactly what it means.

1 comment:

  1. Though the source of this information was not taken from this site... would like to add reference...

    http://nagarun.wordpress.com/2009/01/16/siteminder-sap-how-to-configure-the-logoff-uri/

    ReplyDelete