Identity Asserter Not Propagating New User’s Identity into the WebLogic Server After Logoff and Login (36161)
Symptom:
The following steps describe this limitation:
- In a single Web browser session, one user was successfully authenticated, authorized, and granted access to a Web application by SiteMinder and the WebLogic Server.
- The user logged out of SiteMinder using the logoff URI.
- In the same Web browser session, a second user was successfully authenticated and authorized by SiteMinder and the WebLogic Server.
- When the second user accessed the same Web Application, the WebLogic Server identified him as the first user, based on the Web browser headers.
The Identity Asserter log file did not show that the identity of the second user was ever asserted. Further, the WebLogic Server never issued a new JSession cookie. The first user was logged out of the SiteMinder session but not the WebLogic Server session. In this scenario, the SiteMinder Agent for BEA WebLogic functions as designed since the synchronization of the SiteMinder logoff and WebLogic logoff is not required.
Solution:
As a workaround, do one of the following:
- Link the SiteMinder logoff URI with that of the WebLogic Server application's logoff URI. Then, upon logoff, users are logged out of SiteMinder and the WebLogic Server together.
- In the SiteMinder logoff page, explicitly remove the JSESSION cookie that is used by the WebLogic Server for maintaining users' sessions.
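
One way to apply the first workaround, combined with the cookie removal from the second, is an application logoff endpoint that ends the WebLogic Server session before handing off to the SiteMinder logoff URI. This is an added example, not code from the product; the class name, the logoff URI placeholder, and the cookie name and path (`JSESSIONID` and `/`) are assumptions to replace with the values configured in your deployment.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical class): application-side logoff for a Web
// application deployed on the WebLogic Server behind SiteMinder.
public class LinkedLogoffServlet extends HttpServlet {

    // Assumption: placeholder for the logoff URI configured for SiteMinder.
    private static final String SITEMINDER_LOGOFF_URI = "/PLACEHOLDER/siteminder-logoff.html";

    // Assumption: session cookie name and path; they must match the values
    // the application's session cookie is actually issued with.
    private static final String SESSION_COOKIE = "JSESSIONID";
    private static final String SESSION_COOKIE_PATH = "/";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // End the server-side session so the first user's identity cannot
        // be picked up by the next user of the same browser session.
        HttpSession session = req.getSession(false); // do not create one
        if (session != null) {
            session.invalidate();
        }

        // Expire the session cookie in the browser. A cookie is only
        // overwritten when name and path match the original cookie.
        Cookie expired = new Cookie(SESSION_COOKIE, "");
        expired.setPath(SESSION_COOKIE_PATH);
        expired.setMaxAge(0);
        expired.setSecure(req.isSecure());
        resp.addCookie(expired);

        // Keep the logoff response out of browser and proxy caches.
        resp.setHeader("Cache-Control", "no-store");

        // Continue to the SiteMinder logoff URI so both sessions end together.
        resp.sendRedirect(SITEMINDER_LOGOFF_URI);
    }
}
```

To confirm the workaround, repeat the steps under Symptom and check that the WebLogic Server issues a new session cookie for the second user.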