Question

5
Replies
1224
Views
Chunzhi_Hong Member since 2013 136 posts
PEGA
Posted: 4 years ago
Last activity: 4 years 2 months ago
Closed

7.2 Log off redirection setting doesn't work

I am using personal edition 7.2 and found that "log off redirection" setting doesn't work.

I was redirected to the login screen, although I've selected option "Show log off screen".

 

***Updated by Moderator: Marissa. Added Category***

Security System Administration
Close popover
Moderation Team has archived post
Posted: 4 years ago

Hi Chunzhi,


That is due to below line of code in your Web-Session-Return HTML file.  This piece of code always redirects to login URL. (you can give a try by doing a preview of this HTML Stream)


    <META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">


Please replace the above line with the below piece of code which has a when condition.


<pega:when java="<%= tools.getParamValue("redTo").equals("RedirectToLoginScreen")%>">


    <META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">


</pega:when>


And make sure you save the Web-Session-Return html in your rulesets and add this ruleset to UnAuthenticated access group on browser requestor type to see the changes.


This will work based on the setting you chose on your application rule form.


BR//


Harish

Posted: 4 years ago

Hi Hong,


The Activity Code-Security.Logoff sends the value of this setting to Code-Security.EndSession. The activity Code-Security.EndSession then displays different HTML based on this parameter value:
RedirectToLoginScreen = Web-Login
< AnythingElse> = Web-Session-Return


When using "Show Log off Screen" this ends up calling "Web-Session-Return".


The HTML for Web-Session-Return has a meta refresh in it that takes the user back to the login screen:


<META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">


The Section rule "Web-Session-Return" is not marked as final so customizations can be done to it..Save as web-session-return to your ruleset,remove above line of code and add your own log-off image.

 

Posted: 4 years ago

Altough there is work around solution, the default behavior for "Show log off screen" option, which redirects to login screen, doesn't make any sense. If there is no difference between "Show log off screen" and "Redirect to log in screen" why do we need this configuration option at all?


I remember that V6.3 has OOTB log off screen and it simply works as expected if you select "Show log off screen" option. 


 

Posted: 4 years ago

Hi Chunzhi,


 I agree with you. I've raised the same concern few months ago and logged a bug regarding the Log Off redirection setting. As the web-session-return is an available rule,  this was the solution I've got from our teams.


<pega:when java="<%= tools.getParamValue("redTo").equals("RedirectToLoginScreen")%>">


    <META http-equiv="refresh" content="0;URL=<pega:reference name="$save(servURL)" />">


</pega:when>


 

Posted: 4 years ago

would updating step#1 Show-HTML from Web-Session-Return to Web-Session-Return-Template in RULE-OBJ-ACTIVITY CODE-SECURITY ENDSESSION makes a difference? please share your thoughts/observations, Thank you!
Share this page LinkedIn
Copied!