Zheng Tech Blog

There are a couple of ways to invalidate the session in WebCenter Portal (or ADF) application. They are not the same. They all would invalidate the user session which is intended. The main difference is around whether the session will be removed after it's invalidated. In this post, I will walk through this. In WebCenter Portal framework application, the built-in page template already has a logout function provided. Let's take a look at it. Create a WebCenter portal application and open up the page template as below In this JSPX file, you will find a logout command link with action specified as "#{o_w_s_l_LoginBackingBean.doLogout}". The source code of this bean is not available unless you trace back to the shipped libraries that were installed with Jdeveloper. Let's take a look at the effect of the logout function. Run the portal application. Open the local weblogic console, navigate to the deployment, find your application, go to applicatio...

In case of OAM authentication failures, the OAM server will send the error codes back to the client. It's up to the client to decide what actual error message needs to be displayed on different types of authentication failures. For the list of the standard error codes, you can refer to here . To getting the error code on the client side, they are different based on whether it's ECC or DCC authentication. I have not found this difference documented in anywhere yet. So I am putting it in this blog post. DCC (Detached Credential Collector) is introduced in OAM 11gR2. ECC is embedded credential collector. My previous post has described its concept and advantages, so I will not repeat it here. For ECC, the link above also shows a code snippet to get the error code parameter "p_error_code". The error code is returned back as one of the request parameters on the browser URL. So it can be accessed by calling request.getParameter("p_error_code"). <%@page i...