Results 1 to 4 of 4
  1. #1
    Join Date
    Dec 2007
    Posts
    1
    Rep Power
    0

    Default How to logoff siteminder

    In our struts application we are using the siteminder for the authentication of the users. Whenever the user is authenticated by the siteminder the user is being taken to the application welcome page.Then user performs his own activities and after that whenever he is logging out, i am taking him to the logout page and before that i am clearing all the sessions using the session.invalidate and also setting the session = null. I porvide a link the logout page where the user can click to relogin to the application. So whenever the user clicks on it he should be prompted with the siteminder login screen, instead it is directly taking me to the application. So i dont know wht to do. But i close the window and open the new window i am getting that loing prompt.But when the users types the same URL in the same page he is taken into the application without login screen

    Please help me with this issue

  2. #2
    felixtfelix is offline Member
    Join Date
    Dec 2007
    Location
    Mumbai, India
    Posts
    37
    Rep Power
    0

    Default

    Hi,

    Not clear from your points. After calling the logout action you can directly forward the page to the login screen using a forward with that action. I hope you will maintain the user id in the session value ,if the session value is null then you can redirect the user to the login page. Simple way to do this kind of thing is to use the Filter. The Filter is a one which will get called before or after( depending upon your need ) every request. so in that class you can check whether the session is null or not. If it is null then you can redirect to the login_page.

    Regards
    Felix T

  3. #3
    felixtfelix is offline Member
    Join Date
    Dec 2007
    Location
    Mumbai, India
    Posts
    37
    Rep Power
    0

    Default

    For the Filter refer

    Java(TM) Boutique - Writing Servlet Filters

    for an example

  4. #4
    koteshmail is offline Member
    Join Date
    Feb 2010
    Posts
    1
    Rep Power
    0

    Default

    The beauty of siteminder is you can specify logoffuri in ACO settings which clears the the sessions of authenticated user.

    No need of worrying about your application code. You can write your application which logout the application session not siteminder session.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •