Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

The logoff screen Image is missing when logging out through SSO

SA-204

Summary



The logout splash screen image shown using a binary file in a Web-Session-Return HTML is not displaying. The image is displayed using any other portal.

Error Messages



Not Applicable


Steps to Reproduce



Not Applicable


Root Cause



A defect or incorrect configuration in the Pega Platform operating environment 


The problem is with a piece of JavaScript contained within WEB-SESSION-RETURN:

<script type="text/javascript">
document.execCommand("ClearAuthenticationCache","false");
</script>


This is an Internet Explorer-only method of clearing Session Cookies, but it clears all of them, not just PRPC. You have already logged off from PRPC, and this JavaScript code clears
all session cookies from Internet Explorer memory. This is NOT a logoff! So when the HTML document tries to access the image it is redirected by your front-end security software.

Image Request:

GET http://your_host:your_port/prweb/WSSOExtServlet/9lq_-2ILkjgqdWeo9trotl2HbrY2bQ7w*/images/<IMG>.gif HTTP/1.1
Accept: */*
Referer: http://
your_host:your_port/prweb/WSSOExtServlet/9lq_-2ILkjgqdWeo9trotl2HbrY2bQ7w*/!STANDARD?pyActivity=Code-Security.EndSession&pzAuth=guest
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: your_URL:your_port
Connection: Keep-Alive
Cookie: __utma=208148301.1976038235.1403137470.1403564118.1403566489.7; __utmz=208148301.1403137470.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)


This response is NOT from PRPC but from the third-party security software.

HTTP/1.1 302 Found
Date: Tue, 24 Jun 2014 04:04:27 GMT
Server: IBM_HTTP_Server/ip_address Apache/2.0.47 (Unix) DAV/2
Set-Cookie: ObSSOCookie=loggedoutcontinue; path=/; domain=.your_domain;
Location: https://your_host/obrareq.cgi?wh%
3your_node%20wu%3D%2Fprweb%2FWSSOExtServlet%2F9lq_-2ILkjgqdWeo9trotl2HbrY2bQ7w*%2Fimages%2FKPSplashWater.gif%20wo%3D1%20rh%3Dhttp%3A%2F%2Fyour_url.org%3A88%20ru%3D%252Fprweb%252FWSSOExtServlet%252F9lq_-2ILkjgqdWeo9trotl2HbrY2bQ7w*%252Fimages%252FKPSplashWater.gif
Content-Length: 622
Keep-Alive: timeout=10, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://your_url.org/your_cgi.cgi?wh%3your_node%20wu%3D%2Fprweb%2FWSSOExtServlet%2F9lq_-2ILkjgqdWeo9trotl2HbrY2bQ7w*%2Fimages%2FKPSplashWater.gif%20wo%3D1%20rh%3Dhttp%3A%2F%2Fyour_url.org%3A88%20ru%3D%252Fprweb%252FWSSOExtServlet%252F9lq_-2ILkjgqdWeo9trotl2HbrY2bQ7w*%252Fimages%252FKPyour_image.gif">here</a>.</p>
<hr />
<address>IBM_HTTP_Server/
ip_address Apache/2.0.47 (Unix) DAV/2 Server at your_url.org Port your_port</address>
</body></html>


To get the image to display, you need to copy Web-Session-Return into your application ruleset and remove the following script:

<script type="text/javascript">
document.execCommand("ClearAuthenticationCache","false");
</script>


Note: This has already been removed in newer versions of PRPC.

Because the session cookies for the third-party security software are no longer removed, when you click the Return to Application button, you will NOT get redirected to the third-party security login screen.

Usually with SSO, modifying the Web-Session-Redirect to take the user back to the third party security login screen 
would be the best approach here. Do this by adding Meta tags or JavaScript into Web-Session-Redirect that redirects them to a "logoff" URL used by the third-party security software.


Resolution



Perform the following local-change:
Use a third-party security software logoff URL when using SSO instead of displaying the default PRPC Web-Session-Redirect HTML.

Published March 7, 2016 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice