Article

(View Disclaimer)

For many different reasons, it would be nice to have custom logout pages just like NAM can have custom login pages. Maybe we need a custom logout page for the HR department and a different page for the vendor logout page. By default NAM does not support custom logout pages just like we can have custom login pages, but by adding some code to the logoutSuccess.jsp page located on the LAG, we can serve custom logout pages to the browser.

To fix this problem, we must make sure that the logout link, of the web server that we are protecting, calls the correct logout syntax; We must modify the logoutSuccess.jsp page to capture the referer http header and send the browser to a custom logout page which is hosted on another web server. I prefer to host jsp logout pages and on a separate tomcat server to keep modifications to the LAG at a minimum. The tomcat server can be behind the LAG, but the path must be unprotected.

Our steps

1. Create the Logout Page
2. Modify the logoutSuccess.jsp page on each LAG
3. Set the logout Link of the web server

The traffic flow should like this:

Click to view.

Creating the Logout Page

This is the simplest part. Just create a page with the logout content that you need. This page can contain the headers, forms, and whatever else. I save all my logout pages as JSP pages because I am hosting them on a tomcat server.

Modifying LAG logoutSuccess.jsp

All users that successfully log out of NAM, land at logoutSuccess.jsp which is located in /opt/novell/nesp/lib/webapps/jsp. The default page contains basic information telling the user that they have successfully logged out. Modify the logoutSuccess.jsp as following. This will capture the referring web-host and then act accordingly. At the top of the page, add the following code.

<%
String site = (String) request.getHeader("referer");
if(site.startsWith("https://www.jaredjennings.org")){
response.setStatus(302);
response.setHeader( "Location", "http://jaredjennings.org/logoutPages/wwwLogout.jsp" );
response.setHeader( "Connection", "close" );
}
%>

Click to view.

The logout URL

The logout URL should the DNS record of a reverse proxy, not the Embedded service provider. Otherwise the referrer would be the hostname of the ESP and would be the same for every reverse proxy and would be indistinguishable.

Example: The protected resource http://www.jaredjennings.org is protecting an apache web server. The logout URL for any page on this web server should be http://www.jaredjennings.org/AGLogout

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.