Using a 303 Status Code for Redirects

– redirects the user for logout from the remote Federation partners involved in the current user session: this operation is called Global Logout.
– finishes the logout operation once the global logout is complete.

You can disable the Global Logout flow with Fusion Middleware Control in two ways:

■ globally, by selecting the Local Logout Only setting described in Section 5.2, Configuring Server Properties.
■ on a per-provider basis, by selecting the Do not perform Global Logout with this Provider setting on the Oracle Identity Federation Settings tab of the partner configuration section.

While these two approaches provide static control over the logout flow behavior, on-demand global logout lets you specify whether the user can invoke the global logout protocol at runtime.

To specify whether the user can choose global logout, you configure the federation server by setting the slouserprefenabled boolean property of the serverconfig group as follows:

■ true to allow the user to choose global logout
■ false to disallow the user from choosing global logout

To set the property, enter the WLST script environment for the Oracle Identity Federation server instance, and set the following property:

    setConfigProperty('serverconfig', 'slouserprefenabled', 'true', 'boolean')

When on-demand global logout is enabled, the user can choose to perform the WS-Fed/SAML Logout operation by specifying the globalslo query parameter when invoking the Oracle Identity Federation logout service URL. This parameter is of type boolean, and accepts one of two values:

■ true, meaning that the global logout operation should be performed
■ false, meaning that only the local logout should be performed

Following the instructions in Section 4.2.5, Launch the Logout Process, the user invokes the service with a URL similar to:

    http://hostname:port/fed/user/logout?returnurl=http%3A%2F%2Fanotherhostname%2Fpath&globalslo=false
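The sample logout URL only stays unambiguous if returnurl is percent-encoded. The following sketch is an added example, not Oracle's code: it builds the URL and checks it with a hypothetical strict reader. The function names, the port 7777 and the return URL's query string are assumptions made for illustration.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

LOGOUT_PATH = "/fed/user/logout"  # path taken from the sample URL on this page


def build_logout_url(base, return_url, global_slo):
    """Build the logout service URL with returnurl fully percent-encoded."""
    if not isinstance(global_slo, bool):
        raise TypeError("global_slo must be True or False")
    target = urlsplit(return_url)
    if target.scheme not in ("http", "https") or not target.netloc:
        raise ValueError("return_url must be an absolute http(s) URL")
    query = urlencode(
        [("returnurl", return_url),
         ("globalslo", "true" if global_slo else "false")],
        safe="", quote_via=quote)  # safe="" also encodes ':' '/' '?' '&' '='
    return base.rstrip("/") + LOGOUT_PATH + "?" + query


def read_logout_params(url):
    """Hypothetical strict reader: one value per parameter, boolean globalslo."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name in ("returnurl", "globalslo"):
        if len(params.get(name, [])) != 1:
            raise ValueError(f"{name} must appear exactly once")
    flag = params["globalslo"][0]
    if flag not in ("true", "false"):
        raise ValueError("globalslo must be 'true' or 'false'")
    return params["returnurl"][0], flag == "true"


# Constructed sample values; the host names are placeholders.
BASE = "http://hostname:7777"
RETURN_URL = "http://anotherhostname/path?step=2&globalslo=true"

if __name__ == "__main__":
    good = build_logout_url(BASE, RETURN_URL, False)
    print(good)
    print(read_logout_params(good))
    # Unencoded concatenation lets the return URL's own query string spill
    # into the logout request, so globalslo appears twice and is rejected.
    bad = BASE + LOGOUT_PATH + "?returnurl=" + RETURN_URL + "&globalslo=false"
    try:
        read_logout_params(bad)
    except ValueError as exc:
        print("rejected:", exc)
```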

6.9 Protecting the SOAP Endpoint

Oracle Identity Federation provides two methods to protect the SOAP endpoint used in the SAML 1.x / SAML 2.0 / Liberty 1.x protocols:

■ SSL with Client Authentication via SSL Certificate: the SOAP endpoint is protected with SSL, and by requiring an SSL Client certificate
■ HTTP Basic Authentication: with this method, the SOAP endpoint is protected using the HTTP Basic Authentication mechanism.

Topics include:

Note: Liberty 1.x support is deprecated.