Logout

Logout is handled by an always-enabled subroute of the Authentication endpoint. When the user is redirected to the Logout endpoint, all sessions are killed.

There are two sessions in play:

  1. The Authentication Session (SSO session) that represents past logins that are still valid
  2. The current session for login. This is not an SSO session, but rather the login state.

Both are reset when the user hits logout. All login sessions are revoked.

Important

Logging out does not revoke all OAuth tokens issued for the user if that profile is also in use. Only the authenticated sessions are revoked.

Endpoint

Logout is available on the authentication endpoint under /logout. If the authentication profile is configured with the path /authenticate, then the logout will be /authenticate/logout.

Fig. 135 Endpoint configuration

Redirect After Logout

If there is no configured redirect and the request does not contain a redirect, the user will be shown a logout page. This page can be customized by overriding the template views/logout/index.vm.

Fig. 136 Page view after Logout

Note

At logout there is usually no template area, so the logout template can usually only be overridden in the overrides package.

Using configuration

It’s possible to configure a default redirect URL that the user will be sent to after logout. This is done by setting the logout-redirect-url parameter in the Authentication service configuration.

Fig. 137 Redirect setting for Logout in the Authentication Service General section

Using query parameter

Another option is to pass the query parameter redirect_uri=https://your-resume-url to the logout request. This will have the same effect.

When redirecting after logout, remember to also whitelist the URL under the whitelist setting.

Important

All redirect URLs must be whitelisted in the authentication profile whitelist.

Listing 119 A Logout request with redirect_uri parameter
https://id.example.com/authenticate/logout?redirect_uri=https://mysite.example.com
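
A client-side helper for building the request in Listing 119, shown as an added example rather than code from the product. It percent-encodes redirect_uri so a target with its own query string is not split into logout parameters, and refuses targets missing from a local copy of the whitelist. The function names, the WHITELIST contents and the exact-match comparison are assumptions; the whitelist in the authentication profile remains authoritative.

```javascript
// Added example. Names and whitelist contents are assumptions, not product configuration.
const AUTH_ENDPOINT = "https://id.example.com/authenticate"; // path from Listing 119

// Constructed local copy of the URLs whitelisted in the authentication profile.
const WHITELIST = [
  "https://mysite.example.com",
  "https://mysite.example.com/signed-out?lang=en",
];

// Parse and canonicalize a candidate URL (lower-cased host, default path "/").
// Returns null unless it is an absolute https URL without embedded credentials.
function normalize(candidate) {
  let u;
  try {
    u = new URL(candidate);
  } catch {
    return null; // relative, scheme-relative or malformed input
  }
  if (u.protocol !== "https:" || u.username || u.password) return null;
  return u.href;
}

// Exact match on the canonical form: no prefix or substring matching.
function isWhitelisted(candidate) {
  const n = normalize(candidate);
  return n !== null && WHITELIST.some((w) => normalize(w) === n);
}

// Build the logout URL. Without a redirect the server falls back to the
// configured logout-redirect-url or shows the logout page.
function buildLogoutUrl(redirectUri) {
  const logout = new URL(AUTH_ENDPOINT + "/logout");
  if (redirectUri !== undefined) {
    if (!isWhitelisted(redirectUri)) {
      throw new Error("redirect_uri is not whitelisted: " + redirectUri);
    }
    // searchParams.set percent-encodes ":", "/", "?", "=" and "&" in the value.
    logout.searchParams.set("redirect_uri", redirectUri);
  }
  return logout.toString();
}
```

Listing 119 shows the parameter unencoded for readability; the encoded form produced here decodes to the same value.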

Configuration

There is no specific configuration needed for Logout to be active. The only requirement is that the authentication endpoint is present.

Optionally one can configure the logout-redirect-url parameter for a default redirect after logout.