0

In WebSeal, there's a junction configured for a web application. Obviously, when the context is called (/app), the Login popup of WebSeal is invoked, and the user provides the username and the password.

The application receives from WebSeal's request a header that I use in order to retrieve the username and login to the user.

Now the point is that I need to logout, I am destroying the session, however WebSeal's "session" (let's say it that way) remains alive, so if I invoke the context again (/app), I never receive the popup again, the header with the username is already there.

I'm invalidating the session using:

FacesContext.getCurrentInstance().getExternalContext().invalidateSession();

Is there any known idea on how I should force the browser to re-invoke WebSeal's login popup?

ᄂ ᄀ
  • 5,669
  • 6
  • 43
  • 57
Ali Bassam
  • 9,691
  • 23
  • 67
  • 117
  • show `javax.faces.event.PhaseListener` – Piotr Rogowski Mar 28 '17 at 06:36
  • @Abihabi87 can you please explain more what you need? To implement the Phase Listener? – Ali Bassam Mar 28 '17 at 06:45
  • 2
    To logout from webseal you have to call `/pkmslogout`. See [Webseal Logout](https://www.ibm.com/support/knowledgecenter/SSP4XS_2.1.0/com.ibm.icip.doc/eai_integration/r_eai_webseal_logout.html). So redirect to that url after you invalidate application session. – Gas Mar 28 '17 at 09:13
  • 1
    @Gas, your comment should be an answer! – anacron Mar 28 '17 at 09:25

0 Answers0