You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Tim Worcester (Jira)" <ji...@apache.org> on 2020/11/02 21:32:00 UTC
[jira] [Comment Edited] (GUACAMOLE-519) Implement Single Logout on
OpenID Extension
[ https://issues.apache.org/jira/browse/GUACAMOLE-519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17224969#comment-17224969 ]
Tim Worcester edited comment on GUACAMOLE-519 at 11/2/20, 9:31 PM:
-------------------------------------------------------------------
So calling the openid logout directly from the browser may cause CORS issues right? So I was looking to implement a listener in the openid module that would get the user logout event which would need to have the id_token from the openid provider. Then the guacamole-client backend could call the logout url with the id_token and log the user out.
(But I couldn't find a backend event for Invalidate Session or User Logout)
was (Author: ghost_knight):
So calling the openid logout directly from the browser may cause CORS issues right? So I was looking to implement a listener in the openid module that would get the user logout event which would need to have the id_token from the openid provider. Then the guacamole-client backend could call the logout url with the id_token and log the user out.
> Implement Single Logout on OpenID Extension
> -------------------------------------------
>
> Key: GUACAMOLE-519
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-519
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-openid
> Environment: Ubuntu 16.04
> Tomcat 8
> Reporter: Kevin Chan
> Priority: Minor
>
> Currently when using OpenID Connect for authentication, when a user uses the logout link, they get re-authenticated and logged back in.
> Would like to override the logout to send an SLO and/or redirect user to a different site.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)