Logout.. case sensitive!

kevintparker · August 26, 2020, 6:34pm

This was driving me crazy.

We are using Okta for our customer facing applications and not employees (yet). Customer login to each app on their own and do not have a ‘tiles’ landing page. Single-Sign-On kicks in as they go from application to application.

In case you want to logout of Okta (all of Okta, not necessarily each app), and send the user back to the original application where they clicked logout, I suggest this pattern:
https://{oktaOrgUrl}/login/signout?fromURI={redirected logout url}

A couple of notes here.

fromURI IS CASE SENSITIVE. I tried several combinations and they would all send the user back to the configured default app for sign-in widget and not the {redirected logout url}.

2.If using OpenId, I believe you need to ensure the {redirected logout url} in configured for Logout redirect URIs

Lastly, make sure the domain of that redirect url in configured as a trusted origin (under Security > API link)

image711×434 16.3 KB
fromURI IS CASE SENSITIVE!

oscarm · March 23, 2021, 3:51pm

Hi @kevintparker,

I was testing your suggestion and confirmed that redirecting to the URL and not the ‘tiles’ landing page was working as of a week ago.
It is now currently redirecting to ‘tiles’ once a user logs out of the application.
Is this pattern still working properly on your application?

Thank you!

kevintparker · March 23, 2021, 7:04pm

It is still working on ours. Did anything change in terms of the configuration of the application?

oscarm · March 23, 2021, 7:36pm

Thanks @kevintparker.
We will verify if any changes were made to the suggestions you pointed out in your post.

kare · June 17, 2021, 6:40pm

@kevintparker
https://{oktaOrgUrl}/login/signout?fromURI={redirected logout url} is not working now

It is always redirecting to the signout url configured in the Org setup.
Settings>Customization>SignOut Page - which can have only one entry

Is there a way to provide a redirect uri. Thanks in advance

andrea · June 17, 2021, 8:48pm

If you have a custom Sign Out Page configured, I don’t believe there is anyway to bypass this by passing a long a fromURI parameter

kare · June 18, 2021, 2:34am

Thanks for confirming
I have two applications in the Okta org. App-1 can open App-2 (OIDC) in a new window.

When I click the logout in App-1 I am sending the user to the logout url https://{oktaOrgUrl}/login/signout

However AppB opened in the second window is retaining the session and continue working.

Is there a way to log out from both applications?

andrea · June 18, 2021, 4:29pm

Not OOTB, no. Each application will be managing its own session, so while the /login/signout route can end a user’s session in Okta, it will not affect the sessions for any of the applications the user has logged into and these sessions would need to be terminated at each SP.

silviu08 · March 20, 2022, 9:53pm

Thank you @kevintparker ! After a few hours of debugging, you saved me a couple more probably. Case sensitive, and don’t forget to add the url to the Security > API link section.