Redirect after Logout - AM 7.1

Similar Messages

• Redirect After Logout

  Hi,
  I have created several example public pages each containing the Portal 9.0.2 out-of-the-box Login portlet.
  Depending on which page I use to login from, when I logout, I would like to automatically return to the same login page.
  In Portal Rel 1, this was simply a case of setting the p_done_url value to that of the required login page.
  However, in Rel 2, logout first takes you to the default logout page (the one confirming logout from various partner applications), where you are then required to manually click RETURN, at which point, the correct login page is displayed.
  I have read various threads both from this forum and metalink, and each suggests looking in the SSO Admin Guide. However, this explains how to replace the Logout page, not how to redirect after logout. If I use the method described in the SSO Admin Guide, I can only have one logout page. This would mean that I would not be able to replicate the Rel 1 functionality, where I could go to a different login page each time after logout.
  Does anyone out there know how to replicate this Rel 1 functionality?
  Thanks in advance for all help received.
  Regards,
  Gillian

  Hi Anupam,
  This is a copy of the single sign-off file, ssoff.jsp:
  <html>
  <body bgcolor="white">
  <%@ page buffer="5" autoFlush="true" %>
  <%
  response.setHeader("Cache-Control", "no-cache");
  response.setHeader("Pragma", "no-cache");
  response.setHeader("Expires", "Thu, 29 Oct 1970 17:04:19 GMT");
  String done_url = null;
  int i = 0;
  try
  done_url = request.getParameterValues("p_done_url")[0];
  out.println("<center><h1>Single Sign-Off</h1><p>");
  out.println("<table border=0>");
  out.println("<tr>");
  out.println("<th>Appliction Name</th>");
  out.println("<th>Logout Status</th>");
  out.println("</tr>");
  for(;;)
  i++;
  String app_name = request.getParameterValues("p_app_name"+i)[0];
  String url_name = request.getParameterValues("p_app_logout_url"+i)[0];
  out.println("<tr>");
  out.println("<td>"+app_name+"</td>");
  out.println("<td><img src='" url_name "'></td>");
  out.println("</tr>");
  catch(Exception e)
  if(i>1)
  out.println("</table>");
  out.println("<br>");
  response.sendRedirect(done_url);
  else
  out.println("<h2><center><font color='red'>ERROR:</font>");
  out.println("This page can not be accessed directly!</center></h2>");
  %>
  </body>
  </html>
  When I now logout from the portal, this page is called as expected, but the logout process is not executed nor does the redirection take place. Any pointers??
  Thanks,
  Gillian

• Logged Out session can be accessed again After logout (DAD authentication)

  Hello,
  Please find the details of my problem below:
  SCENERIO:
  Current Authentication: No Authentication (USING DAD)
  Authorization: MYAUTH
  Frequency: Once Per Session
  declare
  lv_retval boolean;
  lv_srec pkg_myutil.r_sessionrectype;
  begin
  begin
  -- This is NOT Apex Session. I am checking the entry in a table to make sure user is logged in
  -- and the link is not opened directly. In short making sure user opened the Apex link from the
  -- Oracle Forms application.
  lv_srec :=pkg_myutil.get_session_info(:P1_SID);
  if lv_srec.valid_session then
  lv_retval := TRUE;
  else
  lv_retval := FALSE;
  end if;
  exception
  when others then
  lv_retval := FALSE;
  end;
  return lv_retval;
  end;
  The Application Security property Authorization is set to : MYAUTH
  Logout Navigation Bar Entries-URL TARGET: http://myapp.mycompany.com/pls/apex/apex_custom_auth.logout?p_this_app=105&p_next_url=http://mycompany.com
  ( I cannot put this in the Authentication Logout URL as using -DATABASE- as sentry function (DAD authentication) gives me error: No functional attributes may be set when page sentry function is '-DATABASE-'.))
  so i directly modified the navigation bar entry
  Now I open the apex link from my forms application, and it Works fine. For example
  http://myapp.mycompany.com/pls/QRYONLYDAD/f?p=105:1:2524984933940261::NO::P1_SID:0137099300:
  The authorization function takes the P1_SID value and checks in database,finds the entry so returns TRUE to display the page 1 which i call Menu page.
  If I click logout, it works and takes me to the Mycompany home page.
  My question:
  If save that link and try to access it again AFTER LOGOUT, it still displays the page. Although the session is logged out, how come it still allows to access the page? The authorization function also doesn't fire which would have prevented it atleast. How APEX knows it still a valid session even after logout happens?
  I can see that Since there is DAD authentication, the login happens automatically........ but I cannot change that method. What other option do i have?
  Please help.
  Jay

  1.) Code for the function:
  Basically we are using a private DBMS_PIPE to pass a randomly generated string and read that pipe from Apex using get_session_info. Nothing to do with Apex Session. We just want to make sure the user opened the Apex link from the application.
  function get_session_info (p_session_id varchar2) return pkg_myutil.r_sessionrectype is
  rv_sessionrec eft.pkg_myutil.r_sessionrectype;
  lv_status NUMBER;
  lv_app_id varchar2(20);
  lv_EMPID VARCHAR2(20);
  lv_timeout BINARY_INTEGER := 0; --A timeout of 0 allows you to read without blocking. otherwise the pipe will keep waiting and our purpose won't be solved
  lv_rmstatus number;
  begin
  begin
  -- Valid Session theme: If the pipe doesnot exist means the url is not requested from inside the Forms application.
  lv_status := DBMS_PIPE.RECEIVE_MESSAGE(p_session_id,lv_timeout);
  IF lv_status <> 0 THEN
  raise_application_error(-20003,'Error while receiving.Status = ' || lv_status);
  END IF;
  DBMS_PIPE.UNPACK_MESSAGE(lv_app_id);
  DBMS_PIPE.UNPACK_MESSAGE(lv_EMPID);
  if lv_EMPID is null then
  raise_application_error(-20004,'User EMPID is null in the session info.');
  end if;
  -- construct return record
  rv_sessionrec.session_id:=p_session_id;
  rv_sessionrec.valid_session :=TRUE;
  -- remove pipe
  lv_rmstatus:=DBMS_PIPE.REMOVE_PIPE(p_session_id);
  if lv_rmstatus <> 0 then
  null; -- think what to do
  end if;
  exception
  when others then
  rv_sessionrec.session_id:=p_session_id;
  rv_sessionrec.valid_session :=FALSE;
  end;
  return rv_sessionrec;
  end get_session_info;
  2.) I guess you are right. But doesn't Apex use the Userid and password hardcoded in the DAD? because it displays the username in DAD on the page footer. But It will authenticate everytime. So I want to put another layer so that my pipe verification code executes everytime which can decide whether to show the page or redirect to a error page.
  If i put in a On-Load Before Header Process on Page 1 with the pl/sql code, is there a way there to redirect to different page? I couldn't think of a way to do it. Then i can remove the code from authorization scheme and add to the On-Load process?
  Does this help any?
  Thanks for your prompt response.
  Thanks,
  Jay

• No keyboard at login window after logout

  Hello all,
  I'm just starting state testing and have been presented with a problem.  When a student logs out of a machine in order to log into the testing account the login window won't accept input from the keyboard.
  Bacground and details:
  We have labs of computers using workgroup manager and open directory for management.  In a normal lab the machine will boot to a login window.  This is so that the preferences will be refreshed before a student logs in.  The student will login as a local user (student) and procede to do whatever for the day. 
  We have recently started state mandated testing.  I have set up an OD account which is very locked down and keeps the student on track while testing.  This requires someone to log the normal user out and login as the OD user.  This is where the problem arises.
  About 50% of the time the keyboard will no longer funtion after logout.  No keys of any sort work. The mouse still works.  Even keystrokes through ARD do nothing.  A end user is then required to reboot the system in order to do ANYTHING.  This is not ideal for elementary kids.
  From my digging in log files and poking around i noticed that the loginwindow process was hanging or crashing.  If i kill the process the login window blinks and then works just fine.  I'm sure i could write a logout script that drops a process into the background to kill the loginwindow process after so many seconds, but thats messy.  Has anyone seen this?  Any thoughts or solution? Only happens on a logout, never on an initial bootup.
  I have found that 95% of these issues occur on Mac Mini's.  I can consistantly replicate the issue on a mini.  If i clone the mini to a macbook, i no longer have the problem (using carbon copy cloner).  So either the hardware is part of the issue or the clone fixed something in the process.
  OSX 10.5.8
  /var/log/windowserver.log  (on logout)
  May 02 16:27:30  [252] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x6 not owned by caller loginwindow
  May 02 16:27:32  [252] CGXRestartSessionWorkspace: session workspace exited for session 256 ( on console )
  May 02 16:27:32  [252] loginwindow connection closed; closing server.
  May 02 16:27:33  [352] Server is starting up
  May 02 16:27:36  [352] CGXMappedDisplayStart: Unit 0: no display alias property
  May 02 16:27:36  [352] kCGErrorFailure: IOHIDSetCursorEnable returns -536870208
  May 02 16:27:36  [352] kCGErrorFailure: Set a breakpoint at CGErrorBreakpoint() to catch errors as they are returned
  May 02 16:27:36  [352] CGXPerformInitialDisplayConfiguration
  May 02 16:27:36  [352]   Display 0x41dc9d00: VirtualDisplay Unit 0; Vendor 0x756e6b6e Model 0x76697274 S/N 0; online enabled built-in (0,0)[1280 x 1024], base addr 0xb0021000
  May 02 16:27:36  [352] AGCAttach: Couldn't find any matches
  May 02 16:27:43  [352] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x2 not owned by caller SecurityAgent
  May 02 16:27:45  [352] kCGErrorIllegalArgument: CGXOrderWindow: Operation on a window 0x2 not owned by caller SecurityAgent

  >kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x2 not owned by caller SecurityAgent
  In those cases there may be threads and/or processes trying to do things with windows that they don't own. In other words, some programmers may have goofed up a little bit someplace.
  But might try the one Helpful marked post here...
  https://discussions.apple.com/thread/987826?start=0&tstart=0

• Able to see web page using back button even after logout

  Hi,
  I have created a web application using creator.
  I have disabled caching by putting following meta tags inside the <ui:head> tag to prevent caching of the sensitive web pages.
  <meta http-equiv="pragma" content="no-cache"/>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"/>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-STORE"/>
  <META HTTP-EQUIV="EXPIRES" CONTENT="-1"/>
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-STORE"/>
  But after logout when the user clicks on the back button the user is still able to see the previous page visited. Is there any work around for this? I am using firefox. Have not checked whether this happens in other browsers or not.
  Would really appretiate if you help me.
  Regs,
  Shastri.

  I understand that this question has been asked multiple times and till now my search for any possible workaround for the issue has been futile. If anybody out there knows or finds a work around, please let me know.
  Thanks in advance.
  -Shastri

• Problem accessing sessionScope after logout

  Hello,
  after logout (session.invalidate) I cannot use
  ADFContext.getCurrent().getSessionScope().put(...) (java.lang.NullPointerException)
  How to recreate sessionScope?
  After logout not secured part of our application must be still functioning.
  Rado

  Hi,
  This is my logout code:
          ExternalContext ectx =
              FacesContext.getCurrentInstance().getExternalContext();
          HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
          HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
          HttpSession session = (HttpSession)ectx.getSession(false);
          session.invalidate();
          pageUri = Params.getStartUri();
          try {
              response.sendRedirect(request.getContextPath() + pageUri);
          } catch (IOException e) {
              JSFUtils.addFacesErrorMessage(MsgBundle.INTERNAL_ERROR,
                                            new Object[] { "Logout" });
          }The problematic code accessing the sessionScope is in constructor of session scope managed bean.
  When are instances of session scope managed beans created? I guess after a new session was created. Why then the sessionScope doesn't exists? Have my session managed bean higher priority and is created prior to sessionScope?
  I can postpone accessing sessionScope in the constructor but don't know have can I check sessionScope has not been prepared yet? In debugger it seems to be ok.
  Rado

• Redirect after successful authentication

  Hi Experts,
  I am trying to redirect the users to a different portal component after they are successfully authenticated, as I need the details of the authenticated user, especially the R3Name that was mapped to. I have done the below modifications in umLogonPage.jsp of the logon application:
  Deleted the form action:
  onaction="<%=inPortal?"":logonBean.getLogonURL(proxy, null)%>";
     2. Deleted the onSubmit of the form:
  ?"onSubmit=\"javascript:addTenantPrefix();\"":""
    3. Changed the type of logon button to button from submit.
    4. Then, I have added the below script in the umLogonPage.jsp which is being called onclick of the logon button:
  function payrollPnumCheck()
    addTenantPrefix();
    var logonAction =  "<%=inPortal?"":logonBean.getLogonURL(proxy, null)%>";
    <%
    boolean locked = PayrollStatus.isPayrollProcessing();
    if((locked)){
    %>
    alert(location.pathname);
    window.location.assign("http://zabrysvsapzhd:50000/irj/servlet/prt/portal/prtroot/com.dd.payrollProcessing.systemLocked");
    <%
    }else{%>
    document.logonForm.action=logonAction;
      document.logonForm.submit();
    <%}%>
  But, the portal is not being redirected after the authentication.
  Please let me know what am I doing wrong here. I am quite new to js and jsp.
  Thank you,
  Sai

  How are these Portal components deployed in the portal, NWDI activites or EAR/SDAs?
  IN either way you should be able to get a link to the landing page (might be index.html or jsp) e.g. http://<SAP>.<domain>:5xx000/<Application-Deployed-EAR>/root/landingIndex.html (in case of EAR SDA deployments) or http://<SAP>.<domain>:5xx000/<SID_TrackID_D><DC>/landingIndex.html
  These URLs can be wrapped in a URL iVIew and then assigned to a Page with no padding and borders so as to appear as a like any other normal webpage.
  If you don't change he page display settings you'll get the Framework headings, title and all SAP standard components and would look weird if the application is not a dynpro one.

• How to redirect after task approved?

  Hi All,
  I tried to redirect after task approved/reject like:
  %Current Task:Form_URN%]&Source=http://sharepoint/sitename
  This technique is working in dev site but not in production. Its redirects to task list only. Is there any other work around for this issue?
  Thanks in advance!

  Hi,
  According to your post, my understanding is that you wanted to redirect after task approved.
  In order to solve the problem more efficiently, can you descript more detail that how you create the workflow and where you add the action you mentioned?
  In addition, please refer to the official article related, hope you could find something useful from it:
  http://msdn.microsoft.com/en-us/library/ms772417.aspx
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• [JSF2] Redirect after post, flash scope, keepMessages

  Hi,
  I'm using the redirect-after-post (or post-redirect-get) pattern [1] in a JSF2 application. To preserve the faces messages until the next request (get), I call FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(true) before returning the redirect as a result from my action method.
  All works fine, however, if I keep redirect-after-posting through my application, these messages never disappear. I have to manually clear them before issuing another redirect as in:
      private static void removeRenderedMessages(FacesContext ctx) {
          final Iterator<FacesMessage> msgIterator = ctx.getMessages();
          while (msgIterator.hasNext()) {
              if (msgIterator.next().isRendered()) {
                  msgIterator.remove();
      }Is this a bug or a feature (I'm using Mojarra 2.0.2 in Glassfish 3 web profile)? I was under the impression that variables in flash scope survive for exactly one request.
  Cheers,
  Daniel
  [www.flexive.org|http://www.flexive.org]
  [1] [http://en.wikipedia.org/wiki/Post/Redirect/Get|http://en.wikipedia.org/wiki/Post/Redirect/Get]

  Hi,
  I'm using the redirect-after-post (or post-redirect-get) pattern [1] in a JSF2 application. To preserve the faces messages until the next request (get), I call FacesContext.getCurrentInstance().getExternalContext().getFlash().setKeepMessages(true) before returning the redirect as a result from my action method.
  All works fine, however, if I keep redirect-after-posting through my application, these messages never disappear. I have to manually clear them before issuing another redirect as in:
      private static void removeRenderedMessages(FacesContext ctx) {
          final Iterator<FacesMessage> msgIterator = ctx.getMessages();
          while (msgIterator.hasNext()) {
              if (msgIterator.next().isRendered()) {
                  msgIterator.remove();
      }Is this a bug or a feature (I'm using Mojarra 2.0.2 in Glassfish 3 web profile)? I was under the impression that variables in flash scope survive for exactly one request.
  Cheers,
  Daniel
  [www.flexive.org|http://www.flexive.org]
  [1] [http://en.wikipedia.org/wiki/Post/Redirect/Get|http://en.wikipedia.org/wiki/Post/Redirect/Get]

• Making user policies stay in effect after logout

  We enforce highly restrictive Windows group policies on our student users. Sometimes, a student is able to login offline, so they don't get the restrictive policy. In ZDM 7, we had the ability to make a user policy stay in effect after logout, which would keep the restrictions turned on until a user with less restrictions logged in. Is there a way to do this in ZCM 11? I looked in ZCC, and I can't see any option for this. FYI, we are using ZCM 11.2.2 MU 2.
  Rick P.
  Walla Walla Public Schools

  Originally Posted by craig_wilson
  Kevin,
  Whoever told you that was clueless about GPOs.
  User GPOs are removed at Logout.
  Device GPOs are removed at Shutdown.
  They are removed by Re-Applying the "Blank" GPOs located in
  %zenworks_home%\bin\cachefiles\Orginal_GPO
  (Or something like that w/o looking.)
  These will only exist if a GPO is in place.
  It would be possible to replace those GPO files with your locked down
  files so when User/Machine GPOs are replaced with the "Blank" one, they
  are actually using a Strong GPO.
  On 2/15/2013 7:06 PM, RPummel wrote:
  >
  > kjhurni;2247277 Wrote:
  >> I was told the policies were cached and would remain in effect unless a
  >> new user with a DIFF policy logged in.
  >>
  >> I'll have to dig up my old emails as this was like over a year ago.
  >
  > This may be the theory, but it is not what we have observed in
  > practice.
  >
  > Rick
  >
  >
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Knowledge Partner
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.
  Thanks Craig. Too bad it doesn't remain in effect on logout. Seems like a glaring security hole, IMO compared to how MS does it. OR how ZFD used to do it.
  Guess an RMS is in order?

• NEW FEATURE: Redirect after Submit

  We just released the Redirect after Submit feature on Friday (6/24/11). This has been a very commonly asked for feature. The problem is this - how do I get the respondent back to my website once they successfully filled out the form. Currently the respondent ends on the confirmation page and has to manually navigate back to your website - which is far from optimal.
  This feature is part of the Basic and Plus plans; and it can be found on the "Options" tab under the "Redirect URL" section. This option will work on previously created forms as well as new forms.
  Here is what the UI looks like:
  You have two redirect options:
  Redirect back to the first page of the form - Why would you ever want to do that?? If respondents are filling the form out in person (like an event registration) at a kiosk-like computer or tablet then this feature allows you to automatically redirect back to the beginning of the form (and it will be empty) so the next person in line can fill it out.
  Redirect to a specific URL - Type in the URL to the website you want to redirect and set the amount of time the user sees the confirmation page (the minimum time is 5 seconds).
  Now when the user Submits the data the confirmation page will look something like this:
  After 5 seconds it will automatically redirect back to your website or to the beginning of the form depending on the option you chose.
  Enjoy!
  Randy Swineford
  FormsCentral product manager
  (Randy Swineford, 12/20/2011) Updated description to include new option

  The difference is web forms are used in browsers and PDF forms are often not. Web servers have always been able to return a redirect response that causes the browser to load the specified URL. Most PDF viewers don't know what to do with such a response, but Adobe Reader/Acrobat do know what to do with an FDF response, which is what FormsCentral returns and results in the popup message that you see. PDF forms can be loaded in a browser or directly in Reader/Acrobat or non-Adobe PDF viewer, but in both cases the viewer doesn't know what to do with an HTML redirect response from a web server. This is outside of the control of FormsCentral so it would require a change in the way Reader/Acrobat behaves.
  There is a technique that can be used in PDF viewers that support the app.launchURL JavaScript method (http://livedocs.adobe.com/acrobat_sdk/11/Acrobat11_HTMLHelp/JS_API_AcroJS.89.155.html) and loading form data or triggering JavaScript returned in an FDF, but this method isn't currently supported in the mobile versions of Adobe Reader, so it would only be a partial solution even if FormsCentral were to return the appropriate FDF response.

• Xfce 4.4 - black or no desktop at all after logout

  I have this quite annoying problem with my xfce - after logout starting xfce takes more time and when it finishes I see black screen without icons and wallpaper, but panel, taskbar  are loaded correctly.  checking 'Allow xfce to manage your desktop' option brings no result - I noticed that deleting .cache and .config helps...but not always. Could U help me?

  I don't know if this issue is related or not, but I'll post it. I'm running a fresh install of "duke" with xfce4
  everything was working well. I wanted my desktop icons to remain in a certain order (I didn't want the mounted cd-rom icon at the top of the screen.) so, I went into the xfce settings manager thinking that there would be a setting under desktop preferences. Well I played with the desktop icons drop down menu and now I get this when I try to start xfdesktop:
  (xfdesktop:5747): Pango-WARNING **: shape engine failure, expect ugly output. the offending font is 'Bitstream Vera Sans Not-Rotated 0'
  Segmentation fault
  I'm not sure where to begin. I've already tried updating pango, gtk, and my bitstream fonts.
  UPDATE
  removing: ttf-bitstream-vera & ttf-freefonts brings back xfdesktop, but it looks crappy.
  Last edited by kjs (2007-05-20 23:14:11)

• After logout + session is not terminated

  Hi everyone. I have been using the tutorial Tutorial for Java EE Developers (10.1.3.1.0) and has used the class SRLogout.java to logout the user.
  But the problem is when we click on the back button of the browser. The user can access the page even if he has logout before...
  How can I prevent the user to see the page when using the back button of the browser.
  Thank you for your help
  Regards
  Lutchumaya

  Hi,
  after logging out, redirect to a protected page so the logon scree comes up. Note that the invalidation of the web session doesn't
  - invalidate the ApplicationModule session immediately
  - prevent browser based SSO if basic authentication is used. Using basic authentication, the browser authenticates every page request with a username / password token. If you invalidate the session, then the bowser will re-authenticate the user on the next request
  Frank

• Problem in how to stop displaying previous page after Logout

  <%
  // I invalidate all my session when i logout and comes on Login.jsp page but if i go back still it open
  previous pages
  How i can stop these
  i am adding these line in avery jsp page
  1)
  response.setHeader("pragma","no-cache");
  response.setHeader("Cache-Control","no-cache");
  response.setHeader("Cache-Control","no-store");
  response.addDateHeader("Expires", 0);
  response.setDateHeader("max-age", 0);
  response.setIntHeader ("Expires", -1); //prevents caching at the proxy server
  response.addHeader("cache-Control", "private"); //IE5.x only;
  %>
  2) and in Logout.jsp
  response.sendRedirect("Login.jsp");
  session.invalidate();
  session.removeAttribute("viv");
  still on reaching login page i can move to previous page by clicking back button

  Hi sreenathreddy.
  I am doing exactly what you are talking about.
  On load of each jsp page, I check to see if I am still in session. If i am not, i redirect the user to the login page saying his session has expired.. This works perfectly fine in the sense that after I log out, if I directly type in the url or click on any other link from history, it redirects you to the login page.
  But my problem sitll remained that after logging out, if i clicked the back button, it would still take me to the previous page even though none of the links on that page would work.
  So i added all the response.SetHeaders that are mentioned in this discussion.
  Now the scenario is such that, when i press the back button after logging out, it tells me that the page has expired and i have to resubmit the form.
  There are two problems with this
  1. at this point , if i refresh my page, it still gets the details from the server and even though i am invalidating the session and all the user details, and checking to see if the session is invalidated,it still somehow manages to get all the details(i dont know where that info is stored)
  2. even if the person has not logged out. ie in the middle of a perfectly valid session and clicks on the back button, he is warned that the session has expired.
  please do reply
  thanks
  ritesh

• Problem with authorization after logout (adfc issue?)

  Hi,
  I have an application with implemented ADF Security, and navigation case login.jspx -> home defined in adfc-config.xml ("home" is the name of view activity, page is home.jspx),
  logout is done through redirecting to /adfAuthentication?logout=true&end_url=/faces/login.jspx.
  If I do the login & loguot repeatedly, after 6-7 times (sometimes 2-3, sometimes >10 but definitely happens) after logging in I get authorization exception saying I am not authorized to view home.jspx.
  Note that on adfc-config.xml home.jspx is registered as "home", and if I type "home" in URL instead of "home.jspx", I can access the page.
  Anybody seen similar behavior?
  Thanks,
  Pedja

  Here is a workaround:
  Login button executes this code for authenticating against WLS
      public String login() throws LoginException, IOException {
          String un = (getUsername() == null ? "" : getUsername());
          String pw = (getPassword() == null ? "" : getPassword());
          FacesContext ctx = FacesContext.getCurrentInstance();
          HttpServletRequest request = (HttpServletRequest)ctx.getExternalContext().getRequest();
          CallbackHandler handler = new SimpleCallbackHandler(un, pw.getBytes());
          try {
              ServletAuthentication.login(handler, request);
          } catch (FailedLoginException fle) {
              FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR, " ", "Login error!"));
              ctx.addMessage(null, msg);
              return null;
          return "success";
      }If I call response.redirect("/faces/home") instead of returning a navigation action, the error can no longer be reproduced.
  So, is this ADFc or ADFSecurity issue (adfAuthentication servlet gets confused)?
  By the way, I'm using WLS's Default Authenticator, but this behavior has reproduced on few other applications, some of them use SQLAuthenticator, so this is not a WLS issue.
  Pedja