Sun OpenSSO Enterprise 8.0 Integration Guide

Configuring Single-Logout Between Identity Manager and OpenSSO Enterprise

When the user logs out from the Identity Manager application, the user should automatically be logged out from OpenSSO Enterprise as well. This is called single-logout.

To configure single-logout between Identity Manager and OpenSSO Enterprise, complete the following steps:

  1. Configure OpenSSO Enterprise for single-logout.

  2. Test the single-logout configuration.

The following figure illustrates the process flow for single-logout.

Figure 1–5 Process Flow for Single-Logout Between Identity Manager and OpenSSO Enterprise


Procedure: To Configure OpenSSO Enterprise for Single-Logout

  1. Log in to the OpenSSO Enterprise administration console.

  2. Navigate to the Policy Agent Profile for the policy agent on Identity Manager.

    From the Access Control tab, go to Top Level Realm > Agents > J2EE > idmagent.

  3. In the Policy Agent Profile, go to Application > Logout Processing.

  4. Add the following values to the Application Logout URI property com.sun.identity.agents.config.logout.uri:

    • logout.uri[idm]=/idm/logout.jsp

    • logout.uri[idm/user]=/idm/user/userLogout.jsp

  5. Add the following values to the Logout Entry URI property com.sun.identity.agents.config.logout.entry.uri:

    • entry.uri[idm]=/idm

    • entry.uri[idm/user]=/idm/user

  6. Click Save at the top of the page.

    The properties you have configured are "hot-swappable" properties; they do not require you to restart the server for changes to take effect.

  7. Log out of the OpenSSO Enterprise administration console.
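The following consistency check for the two map properties set in steps 4 and 5 is an added example, not part of the original guide or of OpenSSO Enterprise. It assumes the agent properties are available as text lines of the form name[application key]=value. The rule that each URI must lie under its application's context path is an assumption generalized from the four values shown above, and the function names are hypothetical.

```python
import re

# Property names as given in steps 4 and 5 of the procedure.
LOGOUT = "com.sun.identity.agents.config.logout.uri"
ENTRY = "com.sun.identity.agents.config.logout.entry.uri"
# Assumed export format: name[application key]=value, one per line.
LINE = re.compile(r"^\s*([\w.]+)\[([^\]]+)\]\s*=\s*(\S+)\s*$")

def parse_agent_maps(text):
    """Return ({app: logout URI}, {app: entry URI}) from property lines."""
    maps = {LOGOUT: {}, ENTRY: {}}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m and m.group(1) in maps:
            maps[m.group(1)][m.group(2)] = m.group(3)
    return maps[LOGOUT], maps[ENTRY]

def under_context(uri, app):
    """True if uri is /<app> itself or a path below it."""
    root = "/" + app
    return uri == root or uri.startswith(root + "/")

def check_single_logout(text):
    """Return findings; an empty list means both maps agree for every app."""
    logout, entry = parse_agent_maps(text)
    findings = []
    for app in sorted(set(logout) | set(entry)):
        for label, table in (("logout URI", logout), ("logout entry URI", entry)):
            uri = table.get(app)
            if uri is None:
                findings.append(f"{app}: missing {label}")
            elif not under_context(uri, app):
                findings.append(f"{app}: {label} {uri} is outside /{app}")
    return findings

# Constructed sample input: the four values from the procedure.
GOOD = f"""
{LOGOUT}[idm]=/idm/logout.jsp
{LOGOUT}[idm/user]=/idm/user/userLogout.jsp
{ENTRY}[idm]=/idm
{ENTRY}[idm/user]=/idm/user
"""
# Constructed sample input: a mistyped logout URI and a forgotten entry URI.
BAD = f"""
{LOGOUT}[idm]=/idmlogout.jsp
{LOGOUT}[idm/user]=/idm/user/userLogout.jsp
{ENTRY}[idm]=/idm
"""

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_single_logout(sample) or "consistent")
```
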

Procedure: To Test the Single-Logout Configuration

  1. Log in to the Identity Manager application.

  2. In the Identity Manager application window, click Logout IDM.

    You are logged out from both Identity Manager and OpenSSO Enterprise, and then redirected to the OpenSSO Enterprise login page.

  3. Log in to OpenSSO Enterprise.

    You are automatically redirected to the specific Identity Manager application administrator or user you had logged out from in step 2.

    You have successfully tested that you were logged out from both Identity Manager and OpenSSO Enterprise when you logged out from your Identity Manager application. This is single-logout. Additionally, you have verified that when you log in a second time, you are correctly redirected to the appropriate Identity Manager user area.