Article
Search
Share This
Popular content
Recent comments
Who's online
User login
Novell Access Manager 3 Custom Logout Pages
2358
For many different reasons, it would be nice to have custom logout pages just like NAM can have custom login pages. Maybe we need a custom logout page for the HR department and a different page for the vendor logout page. By default NAM does not support custom logout pages just like we can have custom login pages, but by adding some code to the logoutSuccess.jsp page located on the LAG, we can serve custom logout pages to the browser.
To fix this problem, we must make sure that the logout link, of the web server that we are protecting, calls the correct logout syntax; We must modify the logoutSuccess.jsp page to capture the referer http header and send the browser to a custom logout page which is hosted on another web server. I prefer to host jsp logout pages and on a separate tomcat server to keep modifications to the LAG at a minimum. The tomcat server can be behind the LAG, but the path must be unprotected.
Our steps
- Create the Logout Page
- Modify the logoutSuccess.jsp page on each LAG
- Set the logout Link of the web server
The traffic flow should like this:
This is the simplest part. Just create a page with the logout content that you need. This page can contain the headers, forms, and whatever else. I save all my logout pages as JSP pages because I am hosting them on a tomcat server.
Modifying LAG logoutSuccess.jsp
All users that successfully log out of NAM, land at logoutSuccess.jsp which is located in /opt/novell/nesp/lib/webapps/jsp. The default page contains basic information telling the user that they have successfully logged out. Modify the logoutSuccess.jsp as following. This will capture the referring web-host and then act accordingly. At the top of the page, add the following code.
<%
String site = (String) request.getHeader("referer");
if(site.startsWith("https://www.jaredjennings.org")){
response.setStatus(302);
response.setHeader( "Location", "http://jaredjennings.org/logoutPages/wwwLogout.jsp" );
response.setHeader( "Connection", "close" );
}
%>
The logout URL
The logout URL should the DNS record of a reverse proxy, not the Embedded service provider. Otherwise the referrer would be the hostname of the ESP and would be the same for every reverse proxy and would be indistinguishable.
Example: The protected resource http://www.jaredjennings.org is protecting an apache web server. The logout URL for any page on this web server should be http://www.jaredjennings.org/AGLogout
0