Graylog2 / graylog-plugin-auth-sso

SSO support for Graylog through trusted HTTP headers set by load balancers or authentication proxies

Log out #29

Open h4wkmoon opened 7 years ago

h4wkmoon commented 7 years ago

Problem description

Impossible to log out.

Steps to reproduce the problem

  1. Activate SSO plugin.
  2. Log in with SSO.
  3. Log out ==> You are not logged out, but a new session is created.

Environment

Could you add a URL to be redirected to after the removal of the session by the logout process, please? This way, after Graylog has deleted the session, we can be redirected to the logout page of the SSO provider.

Being totally ignorant of Java, I can't help.

kroepke commented 5 years ago

While I agree with the request, it is essentially the same problem as with https://github.com/Graylog2/graylog-plugin-auth-sso/issues/35#issuecomment-443741975

The tl;dr: the plugin itself is not consulted in the logout process and the frontend does not know about the authenticator which created the session, so it cannot redirect to the SSO provider.

In any case, this would require a server change, too.

petererler commented 5 years ago

If it would be possible to fix https://github.com/Graylog2/graylog-plugin-auth-sso/issues/35 in the way @ahus1 commented (https://github.com/Graylog2/graylog-plugin-auth-sso/issues/35#issuecomment-444241634), then missing SSO headers would trigger a logout. In addition, if the logout URL could be configured to be the SSO provider's logout URL, then single logout would work, too.

davama commented 3 years ago

This feature would be great!