Logout

Logout is handled by an always-enabled subroute of the Authentication endpoint. When the user is redirected to the Logout endpoint, all sessions are killed.

There are two sessions in play:

  1. The Authentication Session (SSO session) that represents past logins that are still valid
  2. The current session for login. This is not an SSO session, but rather the login state.

Both are reset when the user hits logout. All login sessions are revoked.

Logging out does not revoke all OAuth tokens issued for the user if that profile is also in use. Only the authenticated sessions are revoked.

Endpoint

Logout is available on the authentication endpoint under /logout. If the authentication profile is configured with the path /authenticate, then the logout endpoint will be /authenticate/logout.

Endpoint configuration

Redirect After Logout

If there is no configured redirect and the request does not contain a redirect, the user will be shown a logout page. This page can be customized by overriding the template views/logout/index.vm.

Page view after Logout

At logout there is usually no template area, so the logout template can usually only be overridden in the overrides package.

Using configuration

It’s possible to configure a default redirect URL that the user will be sent to after logout. This is done by setting the parameter in the Authentication service configuration.

Redirect setting for Logout in the Authentication Service General section

Using query parameter

Another option is to pass the query parameter redirect_uri=https://your-resume-url to the logout request. This will have the same effect.

When redirecting after logout, remember to also whitelist the URL under redirect-url-whitelist.

All redirect URLs must be whitelisted in the redirect-url-whitelist.

# A Logout request with redirect_uri parameter
https://id.example.com/authenticate/logout?redirect_uri=https://mysite.example.com
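
The following is an added example, not code from the product or its documentation: a client-side helper that builds the logout request shown above and refuses any redirect_uri that is not on a local copy of the whitelist. The host names, the `/signed-out` path and the exact-match comparison are assumptions of this example; it does not describe how the server itself evaluates redirect-url-whitelist.

```python
from urllib.parse import urlencode, urlsplit

# Constructed sample values (assumptions for this example, not product defaults).
BASE_URL = "https://id.example.com"
AUTH_PATH = "/authenticate"  # path of the authentication profile
# Client-side mirror of what is listed under redirect-url-whitelist.
ALLOWED_REDIRECTS = ["https://mysite.example.com",
                     "https://mysite.example.com/signed-out"]


def normalize(url):
    """Return (scheme, host, port, path), or None if the URL is unacceptable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None  # userinfo can disguise the real host
    if parts.query or parts.fragment:
        return None
    return (parts.scheme, parts.hostname, port or 443, parts.path or "/")


ALLOWED = {normalize(u) for u in ALLOWED_REDIRECTS}


def is_allowed_redirect(url):
    """Exact match on scheme, host, port and path; no prefix or substring tests."""
    key = normalize(url)
    return key is not None and key in ALLOWED


def logout_url(redirect_uri=None):
    """Build the logout request, percent-encoding redirect_uri as a query value."""
    url = BASE_URL + AUTH_PATH.rstrip("/") + "/logout"
    if redirect_uri is None:
        return url  # server falls back to its default redirect or logout page
    if not is_allowed_redirect(redirect_uri):
        raise ValueError("redirect_uri is not in the local allowlist")
    return url + "?" + urlencode({"redirect_uri": redirect_uri})
```

Comparing parsed components rather than string prefixes is what keeps a look-alike host such as `mysite.example.com.other.example` from passing the check.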

Configuration

There is no specific configuration needed for Logout to be active. The only requirement is that the authentication endpoint is present.

Optionally one can configure the parameter for a default redirect after logout.
