Managing OAM Identity Assertion on IBM WebSphere 7-23
4. Proceed to Configuring OPSS for SSO Logout with Oracle Access Manager.
7.10.2.2 Configuring OPSS for SSO Logout with Oracle Access Manager
Application configuration for logout depends on whether your ADF-coded application is integrated with OPSS. This topic focuses on ADF-coded applications that are integrated with OPSS.
The following procedure is similar to configuring logout for 10g WebGates, with a specific step for ADF-coded applications, which must send the end_url value to identify where to redirect the user after logout processing. However, with ADF-coded applications, logout occurs when the application causes the following URI to be invoked:
/<app context root>/adfAuthentication?logout=true&end_url=<any uri>
To configure OPSS for SSO Logout with OAM
1. Locate and open the jps-config.xml file in the following path: was_profile_dir/config/cells/cell_name/fmwconfig/jps-config.xml
2. Within jps-config.xml, add the following <propertySet name="props.auth.uri.0"> element and values:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
   <property value="off" name="oracle.security.jps.jaas.mode"/>
   <propertySets>
   .
      <propertySet name="props.auth.uri.0">
         <property value="/oamsso/logout.html" name="logout.url"/>
         <property value="/${app.context}/adfAuthentication" name="login.url.BASIC"/>
         <property value="/${app.context}/adfAuthentication" name="login.url.ANONYMOUS"/>
         <property value="/${app.context}/adfAuthentication" name="login.url.FORM"/>
      </propertySet>
      <propertySet name="props.auth.level.0">
         <property value="0" name="type-level:ANONYMOUS"/>
         <property value="1" name="type-level:BASIC"/>
         <property value="2" name="type-level:FORM"/>
      </propertySet>
   .
   </propertySets>
3. Within jps-config.xml, add the following <serviceProviders> element and values:
...
   </propertySets>
   <serviceProviders>
      <serviceProvider class="oracle.security.jps.internal.sso.SsoServiceProvider" name="sso.provider.0" type="SSO"/>
   </serviceProviders>
4. Within jps-config.xml, add the following <serviceInstances> element and values:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
...
   </serviceProviders>
   <serviceInstances>
   .
   .
      <serviceInstance provider="sso.provider.0" name="sso.inst.0">
         <property value="oracle.security.jps.wls.internal.sso.WlsTokenProvider" name="token.provider.class"/>
         <property value="2" name="default.auth.level"/>
         <property value="oracle.security.wls.oam.providers.sso.OAMSSOServiceProviderImpl" name="sso.provider.class"/>
         <property value="OAMSSOToken" name="token.type"/>
         <propertySetRef ref="props.auth.uri.0"/>
         <propertySetRef ref="props.auth.level.0"/>
      </serviceInstance>
   .
   .
   </serviceInstances>
7-24 Oracle Fusion Middleware Third-Party Application Server Guide
5. Within <jpsContexts>, add the <serviceInstanceRef ref="sso.inst.0"/> element and value:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
...
   </serviceInstances>
   <jpsContexts default="default">
      <jpsContext name="default">
         <serviceInstanceRef ref="credstore"/>
         <serviceInstanceRef ref="keystore"/>
         <serviceInstanceRef ref="policystore.xml"/>
         <serviceInstanceRef ref="audit"/>
         <serviceInstanceRef ref="idstore.ldap"/>
         <serviceInstanceRef ref="sso.inst.0"/>
      </jpsContext>
   </jpsContexts>
</jpsConfig>
6. In the Oracle Access Manager policy, protect /oamsso/logout.html with the Anonymous Authentication scheme, as described in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.
7. Proceed to Configuring oamAuthenProvider.jar in the IBM WebSphere classpath.
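Steps 2 through 5 only take effect if the names agree across the four sections of jps-config.xml. The following check is an added example, not part of the Oracle guide; the function name check_sso_wiring and the trimmed sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"}

# Constructed, trimmed jps-config.xml: props.auth.level.0 omitted, step 5 forgotten.
SAMPLE = """<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
 <propertySets>
  <propertySet name="props.auth.uri.0">
   <property value="/oamsso/logout.html" name="logout.url"/>
  </propertySet>
 </propertySets>
 <serviceProviders>
  <serviceProvider class="oracle.security.jps.internal.sso.SsoServiceProvider"
                   name="sso.provider.0" type="SSO"/>
 </serviceProviders>
 <serviceInstances>
  <serviceInstance provider="sso.provider.0" name="sso.inst.0">
   <propertySetRef ref="props.auth.uri.0"/>
   <propertySetRef ref="props.auth.level.0"/>
  </serviceInstance>
 </serviceInstances>
 <jpsContexts default="default">
  <jpsContext name="default"><serviceInstanceRef ref="idstore.ldap"/></jpsContext>
 </jpsContexts>
</jpsConfig>"""

def check_sso_wiring(xml_text, instance="sso.inst.0"):
    """Return wiring problems for the SSO service instance; [] means consistent."""
    root, problems = ET.fromstring(xml_text), []
    sets = {s.get("name"): s for s in root.findall("j:propertySets/j:propertySet", NS)}
    providers = {p.get("name") for p in root.findall("j:serviceProviders/j:serviceProvider", NS)}
    inst = root.find(f"j:serviceInstances/j:serviceInstance[@name='{instance}']", NS)
    if inst is None:
        return [f"serviceInstance {instance} not defined"]
    if inst.get("provider") not in providers:
        problems.append(f"provider {inst.get('provider')} not defined")
    refs = [r.get("ref") for r in inst.findall("j:propertySetRef", NS)]
    problems += [f"propertySet {r} not defined" for r in refs if r not in sets]
    # logout.url must be reachable through one of the referenced property sets
    if not any(sets[r].find("j:property[@name='logout.url']", NS) is not None
               for r in refs if r in sets):
        problems.append("logout.url not set")
    ctxs = root.find("j:jpsContexts", NS)
    name = ctxs.get("default") if ctxs is not None else None
    ctx = root.find(f"j:jpsContexts/j:jpsContext[@name='{name}']", NS)
    used = [] if ctx is None else [r.get("ref") for r in ctx.findall("j:serviceInstanceRef", NS)]
    if instance not in used:
        problems.append(f"default jpsContext does not reference {instance}")
    return problems
```

Run it against a copy of the edited file before restarting the server; an empty list means the provider, instance, property sets and default context all resolve.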