Search
K

Single logout

Single logout can be used to logout users from the orchestrator and its dependent IDPs. An example sequence diagram of the SLO flow can be found below.
single logout sequence_diagram
By default, the orchestrator does the following upon logout:
  • Expires all cookies associated with the request
  • Evicts the session
  • Logs the user out of the IDPs associated with the session

Config Options

Logout URL

logoutURL is the endpoint clients call to trigger a logout. This endpoint is hosted by the orchestrator and must reside on the same domain.
Ensure all connectors that are used as an IDP define the necessary logout related fields.

Post-Logout Redirect URL

postLogoutRedirectURL is an optional field used to define the URL to redirect the client to after the single logout process is complete. If not specified, the client will be shown a message that logout has completed successfully.

Post-Logout Service Extension

postLogoutSE is an optional field used to define a Service Extension that controls the behavior after a logout has occurred. This Service Extension is executed before the redirect to the postLogoutRedirectURL occurs.

Example Configurations

Base Configuration

singleLogout:
logoutURL: https://idp.enterprise.com/single-logout
postLogoutRedirectURL : https://enterprise.com/index.html

postLogoutSE Service Extension

This Service Extension enables the user to add custom behavior as part of the single logout experience. It is executed after the logout with the IdPs occur but before the redirect to postLogoutRedirectURL.
If not defined, the orchestrator will use the default behavior of dropping all the cookies associated in that request.
Below is an example of dropping a specific cookie as part of the single logout process.
singleLogout:
logoutURL: https://idp.enterprise.com/single-logout
postLogoutRedirectURL : https://enterprise.com/index.html
postLogoutSE:
funcName: PostLogout
file: /etc/maverics/extensions/postLogout.go
/etc/maverics/extensions/postLogout.go
package main
import (
"net/http"
"maverics/log"
)
func PostLogout(rw http.ResponseWriter, req *http.Request) {
log.Info("msg", "starting postLogoutSE")
for _, c := range req.Cookies() {
if c.Name == "storage" {
http.SetCookie(rw, &http.Cookie{
Name: c.Name,
Path: "/",
MaxAge: -1,
})
}
}
log.Info("msg", "successfully completed postLogoutSE")
}
Orchestrator reference - Previous
Sessions and user state
Next - Orchestrator reference
Connectors
Last modified 2mo ago