[FEATURE-12767,14002] Perspective Logout and Redirect

I am trying to setup a button that will logout a user and then redirect to a different page. I have setup a button with a onClick mouse event to first Logout and then navigate to the url. The problem is if I try to login again it seems to retain what user I was logged in rather then prompting for the user login. If I remove the navigation action and only do the logout. The login prompt will come up again if trying to access the project again. It is appears that the user session is not being cleared if I navigate immediately after the logout action.

same issue here. it is redirecting to the login project, but it remembers who is logged in.

Hi @Jonathan -

The logout action or script will navigate the browser away from the perspective project to a logout route on the gateway which will first log the user out of the session, then check if the IdP has a logout callback configured, and if so, redirect to the IdP for logout. In either case, the browser will finally redirect back to the project and page URL which triggered the logout.

The navigation action or script will also navigate the browser away from the perspective project to the url you configured.

It seems like the second navigation action browser redirect is “overriding” the first logout action’s browser redirect so that you are never logged out. Such a configuration is a bit racy and I would not recommend this strategy for navigating to a different page post-logout. Unfortunately I do not have a good workaround for solving your problem. I believe we are lacking a feature where you can configure the page or URL to return to post-login or post-logout in both actions and scripts. I’ll create a ticket internally to implement this feature and reply back when the work is completed.

2 Likes

Thanks. A redirect property on the logout action would be good.

Also you said the Idp could have a logout callback configured for redirect. if i am using a Ignition IdP is there a way to configure it to have the redirect callback?

Hi @Jonathan -

The Ignition IdP is always configured with the logout callback under the hood, so you do not need to worry about setting that up.

Now I have an IdP setup with an actual SAML provider. When I click log out it redirects to the Ignition sign in page, but when I click to sign in it just takes be back into the project without asking for credentials. I must be missing a setting for the callback some where, but I do not see a place to put the log out url of the SAML provider.

Hi @Jonathan -

We have a feature ticket on our backlog (12767) to implement the Single Logout (SLO) part of the SAML spec. Once that is delivered, you will be able to configure the SLO URL so that Ignition can notify the IdP when the user has logged out.