The logoff screen Image is missing when logging out through SSO
The logout splash screen image shown using a binary file in a Web-Session-Return HTML is not displaying. The image is displayed using any other portal.
Steps to Reproduce
A defect or incorrect configuration in the Pega Platform operating environment
GET http://your_host:your_port/prweb/WSSOExtServlet/9lq_-2ILkjgqdWeo9trotl2HbrY2bQ7w*/images/<IMG>.gif HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Cookie: __utma=208148301.1976038235.1403137470.1403564118.1403566489.7; __utmz=208148301.1403137470.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
This response is NOT from PRPC but from the third-party security software.
HTTP/1.1 302 Found
Date: Tue, 24 Jun 2014 04:04:27 GMT
Server: IBM_HTTP_Server/ip_address Apache/2.0.47 (Unix) DAV/2
Set-Cookie: ObSSOCookie=loggedoutcontinue; path=/; domain=.your_domain;
Keep-Alive: timeout=10, max=98
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<p>The document has moved <a href="https://your_url.org/your_cgi.cgi?wh%3your_node%20wu%3D%2Fprweb%2FWSSOExtServlet%2F9lq_-2ILkjgqdWeo9trotl2HbrY2bQ7w*%2Fimages%2FKPSplashWater.gif%20wo%3D1%20rh%3Dhttp%3A%2F%2Fyour_url.org%3A88%20ru%3D%252Fprweb%252FWSSOExtServlet%252F9lq_-2ILkjgqdWeo9trotl2HbrY2bQ7w*%252Fimages%252FKPyour_image.gif">here</a>.</p>
<address>IBM_HTTP_Server/ip_address Apache/2.0.47 (Unix) DAV/2 Server at your_url.org Port your_port</address>
To get the image to display, you need to copy Web-Session-Return into your application ruleset and remove the following script:
Note: This has already been removed in newer versions of PRPC.
Because the session cookies for the third-party security software are no longer removed, when you click the Return to Application button, you will NOT get redirected to the third-party security login screen.
Perform the following local-change:
Use a third-party security software logoff URL when using SSO instead of displaying the default PRPC Web-Session-Redirect HTML.
0% found this useful