2.2 Customizing the Identity Server Logout

You can also use the following methods to modify the Identity Server logout page:

To customize the logout page when the user logs out of an Access Gateway protected resource, see Customizing Logout Requests in the NetIQ Access Manager 3.1 SP5 Access Gateway Guide.

2.2.1 Rebranding the Logout Page

The branding in the header of the logout page is controlled by the branding of the nidp.jsp file. If you have modified this file for a customized login, the same branding appears in the logout page. For information on how to modify nidp.jsp for logos, titles, and colors, see Rebranding the Header.

IMPORTANT: Save a copy of your modified nidp.jsp file. Every time you upgrade your Identity Server, you need to restore this file.

2.2.2 Replacing the Logout Page with a Custom Page

You can create your own logout page and configure the Identity Server to use it. To do this, you need to modify the logoutSuccess.jsp file on the Identity Server. It is located in the following directory:

Linux: /var/opt/novell/tomcat5/webapps/nidp/jsp

Windows Server 2003: \Program Files\Novell\Tomcat\webapps\nidp\jsp

Windows Server 2008: \Program Files (x86)\Novell\Tomcat\webapps\nidp\jsp

The logoutSuccess.jsp file is called in a frame from the nidp.jsp file. You can modify the file to display what you want or you can modify it to redirect the user to your custom page. One way to provide redirection is to replace the information in the <body> element of the file with something similar to the following:

<body>
  <script language="JavaScript">
    top.location.href='http://<hostname/path>';
  </script>
</body>

Replace the <hostname/path> string with the location of your customized logout page.

IMPORTANT: Save a copy of your modified logoutSuccess.jsp file. Every time you upgrade your Identity Server, you will need to restore this file.

2.2.3 Configuring for Local Rather Than Global Logout

By default, when the Identity Server receives a logout request, the Identity Server logs the user out of any identity providers and service providers to which the user has authenticated. If you want to modify this behavior so that the logout request logs the user out of just the Identity Server and leaves the user authenticated to identity providers and service providers, you need to add the following query string to the logout URL:

?local=true

The logout URL has the following format:

<Base_URL>/app/logout

Replace <Base_URL> with the base URL of your Identity Server. If the base URL of your Identity Server was hhb1.provo.novell.com:8443, your local logout URL would be the following:

https://hhb1.provo.novell.com:8443/app/logout?local=true

To modify the logout.jsp file so that it performs a local logout:

  1. At the Identity Server, open the logout.jsp file.

    Linux: /var/opt/novell/tomcat5/webapps/nidp/jsp

    Windows Server 2003: \Program Files\Novell\Tomcat\webapps\nidp\jsp

    Windows Server 2008: \Program Files (x86)\Novell\Tomcat\webapps\nidp\jsp

  2. Find the following line in the file:

    <form method="post" target="_top" action="<%= request.getContextPath() %>/app/logout">
    
  3. Append ?local=true to the /app/logout string. The modified line should look similar to the following:

    <form method="post" target="_top" action="<%= request.getContextPath() %>/app/logout?local=true">
    
  4. Save the file.

  5. Copy the file to each Identity Server in the cluster.

  6. Back up this file.
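
The edit in steps 2 through 4 can be scripted so that it is applied identically on every Identity Server in the cluster and can be checked afterwards. The following is an added example, not part of the original guide or the product: the function names and the .orig backup suffix are assumptions, and the demo runs against a constructed logout.jsp in a temporary directory.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
# JSP_DIR defaults to the Linux path given in step 1.
JSP_DIR="${JSP_DIR:-/var/opt/novell/tomcat5/webapps/nidp/jsp}"
STOCK='action="<%= request.getContextPath() %>/app/logout"'
LOCAL='action="<%= request.getContextPath() %>/app/logout?local=true"'

# Return 0 if the logout form already posts to /app/logout?local=true.
is_local_logout() {
    grep -qF "$LOCAL" "$1"
}

# Apply steps 2-4 to one file, keeping the pre-edit copy. Safe to re-run.
# Returns 0 if patched or already patched, 1 if the file is missing or
# cannot be written, 2 if the stock form line from step 2 is not present.
enable_local_logout() {
    f="$1"
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    if is_local_logout "$f"; then
        echo "already local: $f"
        return 0
    fi
    grep -qF "$STOCK" "$f" || {
        echo "stock form action not found in $f; edit by hand" >&2
        return 2
    }
    cp -p "$f" "$f.orig" || return 1      # untouched copy for rollback
    # Append the query string only where /app/logout is directly followed
    # by the closing quote. Writing with '>' keeps the file's owner and mode.
    sed 's|\(request\.getContextPath() %>/app/logout\)"|\1?local=true"|' \
        "$f.orig" > "$f" || return 1
    is_local_logout "$f" && echo "patched: $f (backup: $f.orig)"
}

# Demo on a constructed logout.jsp in a temp directory (not a real server file).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<html><body>' \
        '<form method="post" target="_top" action="<%= request.getContextPath() %>/app/logout">' \
        '</form></body></html>' > "$d/logout.jsp"
    enable_local_logout "$d/logout.jsp"   # patches
    enable_local_logout "$d/logout.jsp"   # reports "already local"
    rm -rf "$d"
}
demo
```

On a real server, call enable_local_logout "$JSP_DIR/logout.jsp"; is_local_logout can then be run on each cluster member to confirm that the copy from step 5 is in place.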