Logout is handled by an always enabled subroute of the Authentication endpoint. When the user is redirected to the Logout endpoint all sessions are killed.
There are two sessions in play:
Both are reset when the user hits logout. All login sessions are revoked.
Logging out does not revoke all all OAuth tokens issued for the user if that profile is also in use. Only the authenticated sessions are revoked.
Logout is available on the authentication endpoint under /logout. If the authentication profile is configured with the path /authenticate then the logout will be /authenticate/logout
Fig. 126 Endpoint configuration
If there is no configured redirect and the request does not contain a redirect, the user will be shown a logout page. This page can be customized by overriding the template views/logout/index.vm.
Fig. 127 Page view after Logout
When logging out there usually doesn’t exist a template area. So the logout template can usually only be overridden in the overrides package.
It’s possible to configure a default redirect URL that the user will be sent to after logout. This is done by setting the logout-redirect-url parameter in the Authentication service configuration.
Fig. 128 Redirect setting for Logout in the Authentication Service General section
Another option is to pass the query parameter redirect_uri=https://your-resume-url to the logout request. This will have the same effect.
When redirecting after logout, remember to also whitelist the URL under whitelist.
All redirect URLs must be whitelisted in the authentication profile whitelist
There is no specific configuration neeed for Logout to be active. The only requirement is that the authentication endpoint is present.
Optionally one can configure the logout-redirect-url parameter for a default redirect after logout.