Configuring Logout for Generic or Non-ADF Applications

7-20 Oracle Fusion Middleware Third-Party Application Server Guide

2. Modify oamtai.xml: Use parameters in Table 7–4 with values for your deployment to establish a connection with the Access Server.

3. Header Based Assertion: In the oamtai.xml file, perform the following steps.
   a. Uncomment the assertionType entry and retain the value HeaderBasedAssertion.
   b. Uncomment the customHeaderName entry and set the value as desired (Table 7–4).

4. Save the file.

5. OAM Policy: Use the same customHeaderName value when configuring the OAM policy.

6. Restart IBM WebSphere for changes to take effect.

7.10 Configuring SSO Logout for OAM IAP for IBM WebSphere

This section describes logout with the OAM IAP for IBM WebSphere.
■ Configuring Logout for Generic or Non-ADF Applications
■ Configuring Logout for ADF-Coded Applications

7.10.1 Configuring Logout for Generic or Non-ADF Applications

In non-ADF applications, logout is initiated when an application invokes the logout.html file that is configured as the target of the application's logout link. The logout.html file can be placed at the Web server's doc root, or it can be part of the IBM WebSphere application.

If you are using your own logout.html, you can embed the JavaScript in Example 7–3 to invoke delOblixCookie upon loading the page body. The LTPAToken is deleted by JavaScript; ObSSOCookie is deleted by WebGate.

    <body onload="delOblixCookie();">

Example 7–3 JavaScript to invoke delOblixCookie

    function delCookie(name, path, domain) {
      var today = new Date();
      // minus 2 days
      var deleteDate = new Date(today.getTime() - 48 * 60 * 60 * 1000);
      // Overwrite the cookie with an empty value and an expiry date in the past
      var cookie = name + "="
        + ((path == null) ? "" : "; path=" + path)
        + ((domain == null) ? "" : "; domain=" + domain)
        + "; expires=" + deleteDate;
      document.cookie = cookie;
    }

    function delOblixCookie() {
      // set focus to ok button
      var isNetscape = (document.layers);
      if (isNetscape == false || navigator.appVersion.charAt(0) >= 5) {
        for (var i = 0; i < document.links.length; i++) {
          if (document.links[i].href == "javascript:top.close()") {
            document.links[i].focus();
            break;
          }
        }
      }
      // Delete the host-scoped cookies
      delCookie('ObTEMC', '/');
      delCookie('ObSSOCookie', '/');
      delCookie('LtpaToken', '/');
      delCookie('LtpaToken2', '/');

      // in case cookieDomain is configured
      // delete same cookie to all of subdomain
      var subdomain;
      var domain = new String(document.domain);
      var index = domain.indexOf(".");
      while (index > 0) {
        subdomain = domain.substring(index, domain.length);
        if (subdomain.indexOf(".", 1) > 0) {
          delCookie('ObTEMC', '/', subdomain);
          delCookie('ObSSOCookie', '/', subdomain);
          delCookie('LtpaToken', '/', subdomain);
          delCookie('LtpaToken2', '/', subdomain);
        }
        domain = subdomain;
        index = domain.indexOf(".", 1);
      }
    }

To configure logout for generic non-ADF applications

1. Locate the desired logout.html file.

2. Add the JavaScript in Example 7–3 to logout.html to invoke delOblixCookie upon loading the page body.

3. In the Oracle Access Manager policy, protect logout.html using the Anonymous Authentication Scheme, as described in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.
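
The following is an added example, not part of the Oracle guide: it reproduces the parent-domain walk of delOblixCookie as a pure function, so you can see which cookie scopes the logout page tries to clear for a given host, and it checks a post-logout Cookie header for SSO cookies that survived. The function names, the path "/" and the sample header are assumptions made for illustration.

```javascript
// Added example (not Oracle's code); all function names are hypothetical.
const SSO_COOKIES = ['ObTEMC', 'ObSSOCookie', 'LtpaToken', 'LtpaToken2'];

// Same domain walk as delOblixCookie, but returning the parent domains
// instead of writing to document.cookie. The top-level label is skipped.
function deletionDomains(host) {
  const domains = [];
  let domain = String(host);
  let index = domain.indexOf('.');
  while (index > 0) {
    const subdomain = domain.substring(index);
    if (subdomain.indexOf('.', 1) > 0) domains.push(subdomain);
    domain = subdomain;
    index = domain.indexOf('.', 1);
  }
  return domains;
}

// Every string the logout page would assign to document.cookie for a host:
// one host-scoped entry per cookie, then one per parent domain.
function expiryStrings(host, now = new Date()) {
  const expires = new Date(now.getTime() - 48 * 60 * 60 * 1000).toUTCString();
  const scopes = [null, ...deletionDomains(host)];
  return scopes.flatMap((d) => SSO_COOKIES.map((name) =>
    `${name}=; path=/${d ? `; domain=${d}` : ''}; expires=${expires}`));
}

// Given the Cookie request header sent after logout.html has loaded,
// return the SSO cookies that are still present (logout incomplete).
function residualSsoCookies(cookieHeader) {
  const present = new Set(cookieHeader.split(';')
    .map((pair) => pair.trim().split('=')[0])
    .filter(Boolean));
  return SSO_COOKIES.filter((name) => present.has(name));
}

// Constructed sample: a header captured after logout in which ObSSOCookie
// has not been cleared yet.
const sample = 'JSESSIONID=0000abc; ObSSOCookie=constructedValue; theme=dark';
console.log(deletionDomains('app.eu.example.com'));
console.log(residualSsoCookies(sample));
```

A non-empty result from residualSsoCookies after the logout page has loaded means a session cookie is still being sent, for example because it was issued with a path or domain that none of the generated strings match.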

7.10.2 Configuring Logout for ADF-Coded Applications