Managing OAM Identity Assertion on IBM WebSphere 7-21 } delCookieObTEMC, ; delCookieObSSOCookie, ; delCookieLtpaToken, ; delCookieLtpaToken2, ; in case cookieDomain is configured delete same cookie to all of subdomain var subdomain; var domain = new Stringdocument.domain; var index = domain.indexOf.; while index 0 { subdomain = domain.substringindex, domain.length; if subdomain.indexOf., 1 0 { delCookieObTEMC, , subdomain; delCookieObSSOCookie, , subdomain; delCookieLtpaToken, , subdomain; delCookieLtpaToken2, , subdomain; } domain = subdomain; index = domain.indexOf., 1; } } To configure logout for generic non-ADF applications 1. Locate the desired logout.html file. 2. Add the JavaScript in Example 7–3 to logout.html to invoke delOblixCookie upon loading the page body. 3. In the Oracle Access Manager policy, protect logout.html using the Anonymous Authentication Scheme, as described in the Oracle Fusion Middleware Administrators Guide for Oracle Access Manager.

7.10.2 Configuring Logout for ADF-Coded Applications

In ADF coded Fusion Middleware Applications such as Oracle WebCenter, single sign off is achieved through OPSS. For details, see the following topics: ■ Configuring WebGate for Logout ■ Configuring OPSS for SSO Logout with Oracle Access Manager ■ Configuring oamAuthenProvider.jar in the IBM WebSphere classpath ■ Verifying SSO Logout

7.10.2.1 Configuring WebGate for Logout

This topic provides an example Example 7–4 and procedure that you can use and customize to logout an application protected by OAM 10g with a 10g WebGate To configure WebGate for logout 1. Create and edit logout.html for the WebGate based on Example 7–4 : add and call the function handleLogout for redirecting the logout request to the end URL specified in the logout URL Note: Example 7–4 applies only for an end URI of a single word. For a long URI, you must update the parsing logic accordingly. 7-22 Oracle Fusion Middleware Third-Party Application Server Guide Example 7–4 Sample logout.html Script html head script language=javascript type=textjavascript function handleLogout { get protocol used at the server httphttps var webServerProtocol = window.location.protocol; get server host:port var webServerHostPort = window.location.host; get query string present in this URL var origQueryString = window.location.search.substring1; vars to parse the querystring var params = new Array; var par = new Array; var val; if origQueryString = null origQueryString = { params = origQueryString.split; search for end_url and redirect the user to this for var i=0; iparams.length; i++ { par = params[i].split=; if end_url == par[0] { endUrlVal = par[1]; check if val value of end_url begins with or 2F is it an URI? if endUrlVal.substring0,1 == || endUrlVal.substring0,1 == { if endUrlVal.substring0,1 == endUrlVal = + endUrlVal.substring3; modify the end_url value now endUrlVal = webServerProtocol + + webServerHostPort + endUrlVal; } redirect the user to this URL window.location.href = endUrlVal; } } } } script head body onLoad=handleLogout; h3You have been logged outh3 body html 2. Store your logout.html script to WebGate_install_diroamssologout.html 3. In the httpd.conf file, ensure following entries exist under the WebGate block: Alias oamsso webage-install-diraccessoamsso LocationMatch oamsso Satisfy All LocationMatch Managing OAM Identity Assertion on IBM WebSphere 7-23 4. Proceed to Configuring OPSS for SSO Logout with Oracle Access Manager