Logout

Similar Messages

• Partner Application in SSO logout does'nt synchronize

  Hi All,
  I've setup two separate application on different workspace and different server as partner Application. I've follow the instruction from http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html
  . And everything working fine, but the "logout" seen doesn't work correctly.
  Example: I'm login to Application "A" from single sign on homepage, after enter username and password, it direct me to Application "A". After that, i've click on Application "B" which also located on single sign on homepage and direct me to application "B" (that's correct). When I clicked on the "logout" link in Application "A" it work fine, but the other Application (B) doesn't log me out. I can do the normal work on Application "B" even the Application "A" already logout.

  Hi Scott,
  Thank you for your reply. I've read the two link above and I don't figure out how to resolve my problem yet. From the link: Logout URL for 9iAS SSO Partner App
  you said:
  Steve - Here's a logout URL that unsets the app's session cookie first, then goes to Single Sign-off, then back to a public page in the app:
  https://host:port/pls/DAD/wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:https://login.yourlogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLIC_PAGECan set the authentication schema logout URL of application "A" something like: unsets app's session cookies first, then goes to Single Sing-off, then goes to Application "B" sign-off, and then back to a public page in the app. That way will be logout the Application "A", logout the Single Sign-On, and logout the Application "B" when i click on the "logout" link from Application "A". Am I correct?
  The other question is how can i get the SSO cookie. I've used the owa_cookie.get('cookie_name') function, but it doesn't work for SSO.
  Thanks,
  Kevin

• Logout/shutdown hangs half way through repeatedly

  When I attempt to logout/restart on my iMac, most of the time all the visible apps close but then the desktop picture doesn't go away and the computer never completes the logout/restart process.
  I am assuming (perhaps wrongly, since I don't know much) that there is a "hidden" app in the background that is still running and nixing logout. However, no error window or indicator appears. Is there a way to figure what is stopping this logout/restart process?
  The issue is intermittent, making it tough to trouble shoot. However, it happens on both of our home iMacs, as well as 80% of the time on my work iMac. It never happened on any machine before the upgrade to Yosemite, so I am guessing it has something to do with Yosemite. But, to make it more confusing, it never occurs on my MPP that also runs Yosemite.
  I've trashed the com.apple.finder.plist file, repaired permissions & restarted the computer multiple times but the issue persists.
  More specifically, when logging out or attempting to shut down, all the visible apps close and my desktop goes blank (i.e., the hard drives and desktop icons all go away, except for the Dock, but the Desktop background picture itself remains unchanged), but the computer never finishes shutting down. Relaunching Finder does nothing, i.e. nothing happens after I give the command to relaunch. I can still open applications (except for Finder) via the Dock and they behave normally, with menu bars appearing at the top of the screen, but Finder never starts working and the hard drive icons never show up again on the desktop.
  On one machine where we run multiple users (for the kids), sometimes it will happen for one of the users but not others. On the other machines where it repeatedly happens, there is only a single user.
  It's not the end of the world to force a reboot with the hard power key most of the time, but it would be really nice to figure out why this is happening and fix it.

  Here are some logs.
  Another potential clue: we have 6 user accounts on our home iMac. Repeatedly, with the forced reboots necessitated by this bug, two of the accounts are greyed out on the main login screen following a reboot. The names are there under the icons, but the icons no longer have the colored pictures that should be associated with them. In the past several months, intermittently these icons will be fixed and log in works fine (I have no idea why they get fixed occasionally and then rebreak with the forced reboots), but yesterdy my wife tried to login to her greyed out icon and it wouldn't accept her password and then went to a whole different error screen asking her to change her password, does the keyboard not work, etc. Does this help with the troubleshooting process?
  Also, the issue occurs on my home and work iMacs running Yosemite. The work iMac only has one account so don't think the multiple accounts has anything to do with the problem per se.
  And the issue does not occur on my old MPP 17" running a similar version of Yosemite, and it has 3 accounts.
  This issue is starting to impair productivity both at home and work so would appreciate any advice anyone has. And our University "hates" Macs, so I don't want to give them any excuse to force us all to go to the PC World
  Much appreciated.
  ▾  I. Home new iMac
    ▾  A. 2015/0/3/07 23:21
    •  1. 3/7/15 11:20:41.218 PM WindowServer[3547]: CGXGetConnectionProperty: Invalid connection 56835
    •  2. 3/7/15 11:21:08.113 PM loginwindow[3544]: ERROR | -[SessionLogoutManager startLogout:logoutSubType:showConfirmationUI:countDownTime:useTALOption:logoutO ptions:] | Attempt to start a: Shutdown, AFTER a Restart was already past the point where logout can change types
    ▾  B. 2015/03/08 00:46
    •  1. 3/8/15 12:46:14.346 AM WindowServer[127]: device_generate_desktop_screenshot: authw 0x7f7f8ad469a0(2000), shield 0x7f7f8aca42f0(2001)
    •  2. 3/8/15 12:46:14.382 AM WindowServer[127]: device_generate_lock_screen_screenshot: authw 0x7f7f8ad469a0(2000)[0, 0, 2560, 1440] shield 0x7f7f8aca42f0(2001), dev [2560,1440]
    •  3. 3/8/15 12:46:14.546 AM com.apple.xpc.launchd[1]: (com.apple.xpc.launchd.domain.user.504) Service "com.apple.xpc.launchd.unmanaged.loginwindow.71" tried to hijack endpoint "com.apple.tsm.uiserver" from owner: com.apple.SystemUIServer.agent
    •  4. 3/8/15 12:46:14.546 AM com.apple.xpc.launchd[1]: (com.apple.xpc.launchd.domain.user.504) Service "com.apple.xpc.launchd.unmanaged.loginwindow.71" tried to hijack endpoint "com.apple.tsm.uiserver" from owner: com.apple.SystemUIServer.agent
    •  5. 3/8/15 12:46:34.204 AM loginwindow[71]: CoreAnimation: warning, deleted thread with uncommitted CATransaction; set CA_DEBUG_TRANSACTIONS=1 in environment to log backtraces.
  ▾  II. Work iMac
    ▾  A. 2015/03/02 05:40
    •  1. 3/2/15 5:40:54.338 PM diagnostics_agent[341]: com.apple.message.domain: com.apple.usage.app_activetime
  com.apple.message.signature: Battery Status
  com.apple.message.signature2: com.TaylorMarks.BatteryStatus ||| 1.4.2 (1.4.2)
  com.apple.message.value: 3136
  com.apple.message.value2: 0
  com.apple.message.value3: 0
  com.apple.message.value4: 0
  com.apple.message.value5: 0
  com.apple.message.value6: 0
  com.apple.message.value7: 0
  com.apple.message.result: NO
  com.apple.message.summarize: YES
  SenderMachUUID: 23F74FE7-BC10-3ABE-AE79-A598FA73C193
    ▾  B. 2015/03/05 1809
    •  1. 3/5/15 6:09:40.813 PM WindowServer[152]: CGXGetConnectionProperty: Invalid connection 65027

• How to get users' login logout time for user IDs for a specific date?

  Dear All,
  There is a case I being requested to retrieve the Userid, User Name,
  User Group, User Dept, Date, Login Time, Logout Time in a specific date, for example, 21.05.2009.
  How should I retrieve the information? The user want to input specific date and user group then return the details that mentioned above.
  I try with SUIM->Users->By Logon Date and Password Change... but I can't specific the date that I want ...
  I try with SM19 (Security Audit Log), but unfortunately in my system this is not activated.
  I've seek for SAP's advise, and they say need to ask abaper to developr a report in order to get such details....
  Do you guys have any other methods?
  Do you guys know which tables will contain the details as mentioned above?
  Best Regards,
  Ken

  Unfortunately without the audit log, you're going have a hard time finding this information.  As mentioned, ST03N will give you some information.  If your systems daily workload aggregation goes back to the date you require then you'll be able to get a list of all users who logged on that day.  ST03N doesn't keep time stamps just response times.
  My only idea is VERY labor intensive.  If your DB admin can retrieve a save of the database from that day then table USR02 will hold a little more information for you.  It will contain last login times for that day.  If your system backup policy happened to have saved the contents of folder "/usr/sap/<SID>/<instance>/data" then you potentially have access to all the data you require.  The stat file will have recorded every transaction that took place during that day.  If that file is restored you could use program RSSTAT20 to query against it.
  Good luck and turn on the audit log as it makes your life much easier!

• OID SSO Logout issue from the partner application

  As per the below link I am trying the logout functionality from the partner application,
  http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b14078/tpsso.htm#i1011555
  The article talks about a logout url pattern, I am trying to execute the below from the partner application.
  https://single_sign-on_host:single_sign-on_ssl_port/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=done_url
  The issue I got is OID server is not redirecting to the p_done_url, it just stays in the same OID logout page, Do I have to create any configuration entry to get the redirection working?
  Thanks

  Hi All,
  Providing more information,
  What I get is the OID logout screen with two return buttons on top and bottom of the page.
  If I found is when I click any of those it goes to the p_done_url but What I want is
  instead of stopping in the OID logout page, auto redirection to the p_done_url,
  Can this be done.
  Thanks

• Logout URL for 9iAS SSO Partner App

  Hi,
  I've successfully set up an HTMLDB application as a Single Sign On partner APP. The login works perfectly, except I'm a little confused about the logout URL. Currently it is set to the default in the Authentication scheme, but it doesn't work too well - I get errors if I navigate back to the single sign on page from the default HTMLDB logout page. What I want it to do is to de-authenticate then automatically go back to the SSO login page. What do I change my logout URL to?
  (curently it is wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=4155:PUBLIC_PAGE)
  Thanks,
  Steve

  Steve - Here's a logout URL that unsets the app's
  session cookie first, then goes to Single Sign-off,
  then back to a public page in the app:
  https://host:port/pls/DAD/wwv_flow_custom_auth_std.log
  out_then_go_to_url?p_args=&APP_ID.:https://login.yourl
  ogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p
  doneurl=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLI
  C_PAGE
  ScottI am quite new to Oracle Apex.
  I have just looked read through your posts, because I am having a similiar problem. I simply want to be able to click the logout link on my application and be able to logout of single sign on.
  I have tried your URL and I am sure it is accurate but I am unable to get it to work. I think the main problem I have is that I cant get to the logout URL on the single sign on page : http://host:port/pls/orasso/orasso.wwsso_app_admin.ls_logout
  Please could you advise ?
  Thanks
  Numan

• Why the sign-off page Not Displayed when I do SSO Logout ?

  Hi All,
  I am using Oracle SSO 10.1.4.1 and OID 10.1.4.1 and registering our ADF application to participate in the SSO.
  When I call SSO Logout from the web application with this URL :
  http://myserver:port/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=http://myserver:port/portal/page/portal/myPORTAL
  It just do the Logout "Silently" and then redirect to http://myserver:port/portal/page/portal/myPORTAL.
  Doesn't it should firstly display a page that shows the list of all application that will be logged-Off ?
  Why that sign-off page does not get displayed ?
  Thank you for your help,
  xtanto

  Looking at the product version you mentioned, I assume you are referring to Oracle Access Manager. When you configure a Logout URL, it will just end the session by killing ObSSOCookie and take you to the Logout URL as specified by the Administrator. OOTB, it wont be able to display the list of the applications you will be logged off from. This needs custom development to achieve what you are expecting. First you need to find out what all applications the user is logged in or to what all applications the ObSSOCookie session is passed and then display them on the Logout URL.

• BOBJ XI 3.1 SP7 SSO logout and login again not working

  Hello,
  The customer have a deployment of five BOBJ XI 3.1 SP7 with Tomcat 7 servers and AD integration with SSO.
  The case is that:
  The SSO login works fine on all servers, but when click logout and then go to the address bar and hit enter on the first four servers SSO reacts again, but on the 5th does not. The only way to login again is to close the browser and open it again.
  The configuration and the versions of Tomcats is exactly the same. The only difference is in the version of Windows the first four servers are on Windows 2003R2, but the 5th(the last) is on Windows Server 2008R2. I think the problem is somewhere in the application server(the Tomcat), but the server.xml and the web.xml of the InfoViewApp are the same.
  The SPNs are:
  BOBJCentralMS/hostname serviceaccount
  HTTP/hostame serviceaccount
  HTTP/FQDN serviceaccount
  I'm out of ideas so if somebody can help I'll be happy.
  Thank you in advance!
  Dilyan

  Hi Manna Das,
  I'll check the log, when i go to the customer(have no remote connection).
  Hi Sebastian Wiefett,
  Where in the BOBJ documents is described that the all nodes in the cluster must be on the same OS? I think it does not matters. Only the version of SP and FP must be the same.
  Different browsers are not allowed in the customer's newtwork. Only Internet Explorer.
  I'll try Kerberos debugger. I forgot about it.
  Hi raunak kumar,
  The case is not the same. First the resolution described in SAP Note 1835729 is included in SP7, second here the problem is not on the refresh page(F5), but on click in the address bar and hit "enter". There is difference between the two methods.
  Thank you for the suggestions!

• OAM 11g Webgate 10g customized SSO logout page

  As stated in the title, I am using OAM 11g and Webgate 10g. I am trying to create a customized SSO logout page but am confused on a few parts. First off, in http://docs.oracle.com/cd/E17904_01/doc.1111/e15478/logout.htm#CHDHFGJC , it states the following step for their logout.html:
  Logic in logout.html redirect to the OAM Server. For example:
  http://myoamserverhost:port/oam/server/logout?end_url=http://my.site.com/
  welcome.htmlMy question is if this is truely required? Or is there a way to have OAM invalidate the session and do its internal part of the logout procedures without needing to force the user to redirect to the OAM server's logout URL (eg: it automatically recognizes that the Webgate URL is "...../logout.html" and handles it properly). From talking to colleagues it sounds like this should be possible, and I see some mentions of it in the above documentation, but this appears to be 11g OAM and 11g Webgate behavior. At the same time though, the line "Logout is initiated when an application causes the invocation of the logout.html file configured for any registered OAM 10g Webgate." Leads me to believe that it can work with 10g webgate as well.
  Or, is there a way to have multiple valid logout pages on the OAM server? (There is currently a customized logout page that we cannot modify, and does not meet all the requirements we have for look/feel)
  Thank you
  Edited by: mBaldwin on Apr 12, 2013 10:30 AM

  Bump Any ideas?

• JSESSIONID not deleted during SSO logout

  We have a ADF/Struts webapp on OracleAS 10.1.2.0.2 protected by SSO (mod_osso). When a user logs off from SSO, all a success mark is shown from each partner app where the user was logged in (including our application), but the remains logged in to the webapp nevertheless.
  I have tracked the problem down to the JSESSIONID cookie, which causes the user to be logged in the application as long as the cookie is present. All the strictly SSO-related cookies are deleted during the logout except the JSESSIONID for the SSO partner webapp. The user is always correctly logged out from e.g. OIDDAS after logout.
  After logout, if I go and destroy the cookie either by manually deleting it from my browser or by closing the web browser, mod_osso shows immediately the SSO login page. i hav also verified by tracing the HTTP traffic that it is the JSESSIONID cookie that causes this behaviour.
  In Metalink article Note:258200.1, it is said that JSESSIONID cookie is not directly related to SSO so why is it a key factor when deciding whether a user actually is logged off from the application? Furthermore, the metalink article clearly states that the JSESSIONID cookie is deleted during logout (which is not the case).
  As far as I remember, we have never been able to see it working in our setup.
  Can mod_osso/SSO/whatever be configured do delete the JSESSIONID during the SSO log off or what would be the correct way to get the logoff working? Furthermore, shouldn't mod_osso actually ignore the JSESSIONID cookie and only care about the SSO-related cookies when deciding whether to allow the user in?
  TIA,
  Markus

  We solved the problem by implementing a Servlet filter that takes care of invalidating the user session if the user has logged out (either explicitly or through Global User Inactivity Timeout).
  The solution follows the guidelines described in
  Oracle Identity Management Application Developer's Guide section "9.4.1 Single Sign-Off and Application Logout" (http://download-uk.oracle.com/docs/cd/B14099_19/idmanage.1012/b14087/mod_osso.htm#BJFGAGIA)
  IMHO, the solution is a bit overkill, but it solved the problem. We haven't yet tried the solutions proposed by Rodrigo.

• BSP: Logout does not work

  Hello.
  At the moment i am re-developing a bsp-application, that i have written about 2 years ago.
  I have to add a logout-funtion to the new version, as the users desperately want it (Some of our users seem to get nervous, when login on to a page, that provides no logout button...).
  I have already tried navigation->exit() but this method only drops the application context - the session will not be terminated, so that the user will not be promted for login-data when e.g. pressing the back-button of the browser.
  I read the documentation on help.sap.com carefully and the problem seems to be, that the appliaction is using "Basic Authentication" at the moment. Using this kind of authentification generates a session-cookie, that will persist until the browser is closed.
  My first attempt was to get rid of the cookie using jscript, but this did not work. First i thought, there was a bug in my jscript-coding, and so i opened the corresponding menu of my browser and deleted any cookie by hand. Unfortunatelly, this had no effect - i was still able to use the page and my session was still existent.
  So i searched for further informations and found out, that it should be quite easy to implement a logout, if SSO-Login was used for athentification. Unfortunatelly i also found out, that SSO is not available on our system, so i will have to find another way.
  Finally i found out, that a logout can be done by simply setting the application into stateless mode, if fields authentication is used.
  I tested this for a simple test-application i had written a few days ago and everything worked fine: I had to enter my logon-data at the first call of the application, the login worked as expected and setting the application to stateless mode ended my session immediatelly. Reloading the page or using e.g. the back-button of the browser did not cause any trouble, so i wanted to use this technique, because the behaviour of the testpage exactly met the requirement.
  My next step was to enter transaction sicf and to delete every authentication-mechanism except of "Fields Authentication" to enforce the usage of this mechanism for my bsp-application. It worked somehow, but not in the way, i expected.
  When trying to open my bsp-application, i had to enter my logon-data in an html-form (as expected).
  But sending the data did not create a session. I have to log in between 2 and 5 times (it differs for every try) before i finally see the first page of my bsp-application.
  Once logged in, the session is quite "unstable" - a simple reload of the page throws me back to the logon page again.
  I have no clue, what causes this creepy behaviour - i copied the settings of my testappliaction 1:1 in sicf, both applications are stateful by default and the only place, where the switch to stateless mode is done is my logout-page. Yesterday i even deleted the service of my application in sicf, created a new one and customized it in the same way, i had customized the service of my test-application, so there should be no differences (i have checked for about 10 times).
  As i have already searched the forum and did not find anything, that seemed to match to my problem, i hope, that somebody can give me some advice, because i really do'nt know, what else to try.
  Below you can see the configuration of the service in SICF. Any option not listed here has its initial value:
  Procedure: Alternative Logon Procedure
  Logon Procedure (The Table-control at the bottom of the page) holds only one entry: "Fields Authentication"
  System Logon: True
  Settings Selection->Define Service Specific Settings: true
  System Logon Settings->Select Display->System Messages: true
  System Logon Settings->Actions During Logon->Protocol: "Do Not Switch"
  System Logon Settings->Default->Client: 101
  System Logon Settings->Default->Language: "German"
  System Logon Settings->Logon Layout And Procedure->SAP Implementation: true
  System Logon Settings->Logon Layout And Procedure->Tmpl.: "Normal"
  System Logon Settings->Logon Layout And Procedure->SAP Icon: "Chrome"
  And here is some information according to the bsp-application:
  Initial BSP: set
  Application Class: set (My test-page did not use an application-class - this seems to be the only difference)
  Theme: not set
  Stateful: yes
  Supports Portal Integration: no
  I do'nt know, if there is any other information, that could be useful for solving the problem - if anything is missing, just ask for it and i will provide the infomation needed.
  Thanks in advance.
  Regards, Jörg Neumann

  Hello,
  up to now we also faced a lot of issues with that logout-problem.
  Especially the logout for IE 5.5 and the XUL-runner gave us a hard time.
  We had to change our logout-page about 10 times now, because some weird browser did not work like all the others - AGAIN...
  Here is, what we got so far.
  As far as i know, this stuff should work cross-browser, but it's still client-side jscript.
  <%-- --------------------------------------------------------------
  This is the jscript, that will log you out                      
  -------------------------------------------------------------- --%>
  <span id="onloadscript"><!--
    function DelSso2Cookie(sName,sPath){
      var sso2Domain = location.hostname;
      if (location.hostname.indexOf(".")!=0) sso2Domain = location.hostname.substr(location.hostname.indexOf(".")+1);
      p="";
      if(sPath)p=" path="+sPath+";";
      document.cookie = sName+"=0; expires=Fri, 31 Dec 1999 23:59:59GMT;"+p + "domain="+sso2Domain+";";
    try{
      document.execCommand( 'ClearAuthenticationCache' );
    } catch (e) {}
    DelSso2Cookie("MYSAPSSO2","/");
  //--></span>
  <%
  CALL FUNCTION 'HTTP_DELETE_SSO2_COOKIE'
    EXPORTING
      server = runtime->server.
  %>
  <%-- --------------------------------------------------------------
  Calling the script directly did not work in all browsers        
  so we had to use a trick, that may seem kind of weird...        
  We use the onLoad-Event of a transparent 1x1-pixel-image.       
  The query-string is a dummy-value, that will be ignored by the   
  server but it forces the client to reload the picture from the   
  server instead of reading it from the browser cache.             
  This dirty hack was necessary, because some browsers will not   
  fire the onLoad-Event, if the image was read from the browsers  
  cache.                                                          
  -------------------------------------------------------------- --%>
  <%
      DATA: lv_img_url TYPE string.
      CONCATENATE '/sap/public/bc/ur/nw5/1x1.gif?'
                  'dummy=' sy-datum '_' sy-uzeit
             INTO lv_img_url.
  %>
  <img src="<%=lv_img_url%>" onload="eval( document.getElementById('onloadscript').childNodes[0].nodeValue );">
  Regards, Jörg

• ApEx SSO logout

  Hello everyone,
  I need ApEx to authenticate via Single Sign On (SSO). I am able to login to ApEx via SSO but logging out fails. I am properly routed to my logout page but an actual logout does not happen.
  I followed instructions per Metalink Note 562807.1, "Configuring an APEX Application to Use SSO With SDK in Separate Schema". After searching the web, it appears that other people are having the same problem but I have not seen a posted solution.
  I am using ApEx version 4.0.2, and Oracle's Application Server version 10.1.2. ApEx is installed in an Oracle 11.2.0.1.
  Has anyone had this problem or does anyone have some information that may help guide me past this logout issue?
  Nate

  I have found that two procedures will log my application out of SSO (Single Sign On).
  1) wwv_flow_custom_auth_std.logout - This procedure does sucessfully log me out of SSO but it does not bring an application back to the SSO login page.
  2) wwv_flow_custom_auth_std.logout_then_go_to_url - This procedure seems to work better than the above procedure with SSO. This procedure logs an application out of SSO then redirects the application to a page of your choice, in my case, the SSO login page.
  Procedure wwv_flow_custom_auth_std.logout_then_go_to_url is used as follows:
  wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:http://<IDMANAGEMENT_SERVER>:<IDMANAGEMENT_SERVER_PORT>/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=http://<APEX_MACHINE_NAME>/pls/apex/f?p=&APP_ID.Note:
  Your ApEx operation must to be registered with SSO

• SSO logout not working properly (cookie remains set)

  Hi, I've just implemented single sign-on authentication for my APEX 2.2 applications with help of these two howtos:
  http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html#INSTALL
  http://becomeappsdba.blogspot.com/2007/01/apex-apps-configure-sso-ii.html
  It quite works smoothly, e.g. for pages that require authentication the user is redirected
  ("Redirecting to the Login Server for authentication...") to the SSO server (another machine, a part of Oracle Collaboration Suite infrastructure). There on the login screen, the user enters the credentials and after submit (if the credentials are OK) is redirected back to the APEX application as an authenticated user.
  When the user clicks "Logout", the application redirects him (her) to the page specified in the "Logout URL" attribute of the SSO authentication scheme and the displayed username changes to "nobody". So far so good.
  However, the problem is that the user is in fact not logged out. On a subsequent attempt to get to an authenticated page within the same browser window the application displays for a short while "Redirecting to the Login Server for authentication..." but it doesn't really get the user to the SSO logon screen to enter username and password and instead it redirects him (her) directly to the required page as the previously authenticated user (the user who clicked the "Logout" sign). The only workaround is to close the browser window and start over again as the other user, which is not very convenient nor secure. It seems that despite the seeming logout the cookie remains set and I don't how to force the application to get rid of the cookie upon logout.
  Has anybody faced this behaviour and has some assistance for me?
  Thanks in advance.
  Zdenek

  Scott,
  thank you very much for your prompt explanation and pointing to the right thread. There, I was able to quickly find what I was looking for - the logout URL:
  https://host:port/pls/DAD/wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:https://login.yourlogin.com/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https://host:port/pls/DAD/f?p=&APP_ID.:PUBLIC_PAGE
  Having that, it took me just 5 minutes to adopt it to my conditions (change machine names & page number), paste it to the SSO authentication scheme's logout URL field and sucessfully test it.
  To summarize for others in need, these are relevant links to this topic:
  Re: Partner Application in SSO logout does'nt synchronize
  SSO authentication
  Logout URL for 9iAS SSO Partner App
  Thanks again & appologies for asking this question without preceding proper searching for answer in this excelent & useful forum.
  Zdenek

• SSO Logout Doesn't Work

  [9iAS Release 2 with OID, 9iDB 9.2.0]
  i have a Java partner application registered with the Login Server, and authentication is functioning properly. my application delegates to the LS for user authentication if no session is present, and reads the username correctly once the session has been set. the only problem is... i can't log the user out. i've used the example Oracle code (papplogout.jsp); i've written my own manual cookie-trashing methods in SSOEnablerBean.java; i've copied the redirect code from OIDDAS which auto-posts a form so the ssosignoff package. nothing works. once the redirect returns to ssoHome.jsp (my analog of papp.jsp) after logout the SSO bean recognizes who i am (or, who i was) and happily forwards me back into the application, session and SSO username intact.
  has anyone else experienced this? how can i kill my SSO cookie when a user wishes to logout, without closing the browser?
  thanks
  .rich

  Hi,
  I am looking for solution of the exact problem.
  Have you solved it?
  thanks,
  Branislav

• SSO logout question

  Good day gentlemen,
  I'm having a little problem with SSO built-in authentication scheme. I've created a simple application to test it, and enabled the built-in authentication scheme, Oracle Application Server Single Sign-On (Application Express as Partner Application).
  - Everything runs fine, when i access the app, the login page configured in SSO shows... but when i logout from the created application it doesn't work correctly, i just enter the app url again and gain normal access to it.
  My question is: do i have to create a Logout function to invalidate the session?

  Edson,
  There's some discussion here and some good tips from Anton: SSO authentication and another post here, which stresses the importance of first identifying your objectives, as a logout URL in an SSO setup must be constructed so that it does what you want it to do: Logout URL for 9iAS SSO Partner App .
  Scott

• SSO Logout Status

  I am currently using SSO for authentication and it is functioning properly except the checkmark image does not show on the logout page for the partner application name that was created for APEX. If i am logged into other AS instances running SSO (portal), the checkmark does show for them. Not sure if it is the SSO partner app config or sso logout url. Thank you for any information.
  Logout URL on SSO is : wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:http://server/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=http://server/pls/apex/f?p=app:page
  Robert

  Robert,
  Logout URL on SSO is : wwv_flow_custom_auth_std.logout_then_go_to_url?p_args=&APP_ID.:http://server/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=http://server/pls/apex/f?p=app:page
  That's the link that appears on the Single Signout page? It should be a fully qualified URL, at least. And it cannot have substitution item syntax like &APP_ID.. But if all you want to happen when the Single Signout page is shown is for a nice checkmark image to appear then just get the login server admin to change your application's partner application registration to use the logout URL of one of the other partner applications for which a checkmark does appear. Either that or create a checkmark image in your images directory and put a link to that in the registration form.
  If you want that logout link to actually do something (unset cookies, etc.), you'll have to do more work, but I don't see any extra benefit of doing that -- once the Single Signout Page is done your users will have to re-authenticate to use your application.
  Scott