This section provides the following topics:
During 11g Resource WebGate registration or editing, you configure the logout parameters.
Note:
If the LogOutUrl parameter is already configured for the 11g WebGate (with a value other than /oamsso/logout.html), then ensure that is also present as part of the LogOutUrl parameter.
To configure centralized logout for 11g WebGates:
Choose your method for registration, as described in Registering and Managing OAM 11g Agents.
When creating or editing an agent registration, include appropriate logout values for your environment (Table 27-2):
Logout URL
Logout Callback URL
Logout Redirect URL
Logout Target URL
Finish and save your agent registration, as usual.
Multiple DNS Domains: Perform the following steps if you have multiple DNS domains configured for Access Manager 11g SSO.
Note:
The Logout Callback URL can be unique for each WebGate; however, to construct the Logout Callback URL for each WebGate, it is sufficient for the OAM Server to know the host and port of each WebGate from each domain. The file that the Logout Callback URL points to must differ from the logout.html script in the WebGate installation directory.
Configure the Logout Callback URL as the second value in the logOutUrls parameter on each resource WebGate.
Logout Callback URL is the location on WebGate that the request must be sent to, for clearing the SSO Cookie in that domain. The Logout Callback URL cannot be logout.html.
Ensure that a file physically exists on each Web server at the Logout Callback URL location (usually, at the same location as logout.html).
For example, if you configure a file named logout.png in the same location as logout.html, then the Logout Callback URL of logout.png would be:
/oamsso/logout.png
Perform steps in "Validating Global Sign-On and Centralized Logout".
When the DCC receives a logout request from the Agent, the DCC:
Decrypts the logout request, if needed
Retrieves the end_url, constructs the full URL with the Agent's host:port if needed
Clears the DCC cookie (DCCCtxCookie)
Sends the logout request across the back channel to terminate the session
Logout Callback URL
Logout Callback URLs
Gets a logout page containing links to all visited agents from the OAM Server (which has this information), or gets only a list of the visited agents from the OAM Server to construct a logout page locally, and redirects the user to this page on the DCC.
Returns to the end_url after logout completes
To configure logout for Resource Webgates separate from DCC:
Confirm that the Perl scripts for DCC logout include the actual location of the Perl executable on the Webgate host: $WEBGATE_HOME/oamsso-bin/*pl
Resource Webgate: Modify the Logout Redirect URL to point to DCC's logout.pl:
Find the Resource Webgate Registration: See "WebGate Search Controls".
Modify the Logout Redirect URL to point to the DCC's logout.pl. For example:
http://DCCWGhost:port/oamsso-bin/logout.pl
Note:
The DCC ignores the Logout Redirect URL parameter in the Webgate registration page. However, if the Resource Webgate Logout Redirect URL is anything other than logout.*, then that URL must be defined in DCC Logout URLs. See Table 24-3.
Perform steps in "Validating Global Sign-On and Centralized Logout".
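The first step of the procedure above, confirming that the DCC logout Perl scripts name the real Perl executable, can be scripted on the Webgate host. The following is an added example, not part of the Oracle documentation; the function name check_perl_shebangs is hypothetical, and it assumes the Perl location is given on each script's first (#!) line.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumption: each DCC logout script names
# its Perl interpreter on the first ("#!") line.

# check_perl_shebangs WEBGATE_HOME  (hypothetical helper name)
# Prints one line per script; returns 0 only if every script passes.
check_perl_shebangs() {
    bin_dir="$1/oamsso-bin"
    status=0
    found=0
    for script in "$bin_dir"/*pl; do
        [ -f "$script" ] || continue      # glob matched nothing
        found=1
        first_line=$(head -n 1 "$script")
        case "$first_line" in
            '#!'*) ;;
            *) echo "FAIL $script: no #! line"; status=1; continue ;;
        esac
        # Drop "#!", any leading spaces, then arguments such as "-w".
        interp=${first_line#'#!'}
        interp=${interp#"${interp%%[! ]*}"}
        interp=${interp%% *}
        if [ -x "$interp" ] && [ ! -d "$interp" ]; then
            echo "OK   $script: $interp"
        else
            echo "FAIL $script: interpreter not found: $interp"
            status=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL no scripts matched $bin_dir/*pl"
        status=1
    fi
    return "$status"
}

# Run the check only when WEBGATE_HOME is set in the environment.
if [ -n "${WEBGATE_HOME:-}" ]; then
    check_perl_shebangs "$WEBGATE_HOME"
fi
```

A FAIL line for a script means its #! path does not resolve to an executable on that host and should be edited to the actual Perl location before logout is validated.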