IC SunsetThe developerWorks Connections platform will be sunset on December 31, 2019. On January 1, 2020, this forum will no longer be available. More details available on our FAQ.
Topic
  • 3 replies
  • Latest Post - ‏2019-04-26T03:37:29Z by D7GM_Venkatesh_Perumal
trueDev
trueDev
3 Posts

Pinned topic Websphere portal Single sign on logout

‏2016-07-21T06:09:03Z |

Hi,

Appreciate if anybody can clarify following question.

I have a Single Sign On using LTPA between a remote  WAS 7 and WebSphere Portal 7. Normally LTPA token is generated by WAS and propagated to websphere portal. I want to understand when user logs out from Portal, do we need to log user out from remote WASas well? How does remote WAS will know that LTPA token has been cleared in Remote WebSphere Portal? How do we achieve Single Sign On logout?

 

Thanks,

 

  • jim.barnes
    jim.barnes
    1074 Posts

    Re: Websphere portal Single sign on logout

    ‏2016-07-21T12:00:53Z  

    I guess the question is this, for the remote was 7, is the browser ever making direct contact? or are you making all the calls through portal code on behalf of the user?

    If the first and they share the ltpa signing out of one invalidates it when they go to the other as the cookie is destroyed and they would never be able to get the old back.

    If the second then you would need to destroy the cookie wherever you are keeping it, since it is gone, the next time you access the server since no ltpa token it makes you authenticate again.

     

  • TimK(USA)
    TimK(USA)
    21 Posts

    Re: Websphere portal Single sign on logout

    ‏2019-04-25T15:14:00Z  

    I guess the question is this, for the remote was 7, is the browser ever making direct contact? or are you making all the calls through portal code on behalf of the user?

    If the first and they share the ltpa signing out of one invalidates it when they go to the other as the cookie is destroyed and they would never be able to get the old back.

    If the second then you would need to destroy the cookie wherever you are keeping it, since it is gone, the next time you access the server since no ltpa token it makes you authenticate again.

     

    I hate to post to an old topic, but my concern is somewhat directly related to this.

    So you're saying the only way to consider the SSO session logged out is to destroy the LTPA cookie on the client side so it will no longer be used?

    What if a user were to retain the LTPA cookie and use it later?  Is there anything on the server side that destroys the LTPA cookie so that it can no longer be used in the future?  I'm on Portal 8.5.

    Updated on 2019-04-25T16:31:25Z at 2019-04-25T16:31:25Z by TimK(USA)
  • D7GM_Venkatesh_Perumal
    54 Posts

    Re: Websphere portal Single sign on logout

    ‏2019-04-26T03:37:29Z  
    • TimK(USA)
    • ‏2019-04-25T15:14:00Z

    I hate to post to an old topic, but my concern is somewhat directly related to this.

    So you're saying the only way to consider the SSO session logged out is to destroy the LTPA cookie on the client side so it will no longer be used?

    What if a user were to retain the LTPA cookie and use it later?  Is there anything on the server side that destroys the LTPA cookie so that it can no longer be used in the future?  I'm on Portal 8.5.

    Hi, We can also perform the logout programatically using the PortletStateManagerService which will invalidate the session on Server side (similar logout action upon clicking the portal admin console logout link). Just configure this logout portlet on a page and trigger the page from wherever needed.