This entry describe how to configure single logout between Identity Manager and OpenSSO. In the Identity Manager WAR, /idm is the base context of the deployment and thus the admnistrator area; /idm/user is the user area. You should be able to do the following:
  • If logged out of the administration area, the person should be redirected to the same upon re-login.
  • If logged out of the user area, the person should be redirected to the same upon re-login.
A policy agent protecting Identity Manager protects both areas and the agent's OpenSSO profile needs to be configured to allow for the separate functions. This first procedure illustrates how to configure OpenSSO.
  1. Log in to the OpenSSO administration console as the administrator.
  2. Click the Access Control tab.
  3. Click the appropriate realm name and navigate to the agent profile for the policy agent that protects Identity Manager.
  4. Under the agent profile, click the Application tab.
  5. Click Logout Processing.
  6. Add the following map keys and values to the Application Logout URI property:
    • idm=/idm/logout.jsp
    • idm/user=/idm/user/userLogout.jsp
  7. Add the following map and key values to the Logout Entry URI property:
    • idm=/idm
    • idm/user=/idm/user
  8. Click Save.
  9. Log out of OpenSSO.
These properties are hot-swappable in that they do not require a restart of OpenSSO to take effect. This second procedure illustrates how to test the configuration.
  1. Log into Identity Manager.
  2. In the Identity Manager application window, click Logout IDM.
    This should log you out of both Identity Manager and OpenSSO and then redirect you back to the OpenSSO login page.
  3. Log in to OpenSSO.
    You should be redirected to the specific Identity Manager administrator or user profile.
I watched the movie version of the musical Hair last night and remembered what a wonderful, vibrant motion picture that it is. Here is Good Morning Starshine as sung by Beverly D'Angelo who, for Entourage fans, played Mandy Moore's agent.