[ https://issues.apache.org/jira/browse/GUACAMOLE-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17860135#comment-17860135 ]
Tribhuwan Phulera edited comment on GUACAMOLE-1266 at 6/26/24 12:36 PM:
------------------------------------------------------------------------

I have made minor customizations in the client code for handling the logout button click. When users click logout, they are redirected to a common IDP OAuth Logout URL, which is consistent across all applications. Additionally, I have included a redirection link to the Apache Guacamole login page. This effectively terminates all sessions across various Identity and Access Management (IAM) systems, providing an interim solution.

These changes have been successfully tested with Microsoft Identity & Access Management, Oracle Identity & Access Management, Keycloak, and IBM Identity & Access Management.

The achieved result is successful logout from Apache Guacamole and complete termination of sessions across all linked IDP systems.

*File Path:* {{guacamole/src/main/frontend/src/app/navigation/directives/guacUserMenu.js}}

    /**
     * Logs out the current user, redirecting them to the IDP logout URL
     * after logout completes.
     */
    $scope.logout = function logout() {
        authenticationService.logout()
        .then(function() {
            // Redirect to IDP logout URL
            window.location.href = 'https://idp-logout-url/oauth2/v1/userlogout?redirect_uri=https://guacamole_login_url/';
        })
        .catch(function(error) {
            console.error('Logout failed:', error);
        });
    };

> Implement SAML Single Logout
> ----------------------------
>
>                 Key: GUACAMOLE-1266
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1266
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: guacamole
>            Reporter: Michael Miklis
>            Priority: Minor
>
> The SAML Authentication Extension does not seem to have a logout function
> built in. This will result in a loop. Steps to reproduce:
> * connect to guacamole URL
> * Automatic redirect to IDP Signin Page happens
> * login via SAML IDP to Guacamole
> * Click Logoff in Guacamole
> * Redirect to Guacamole Start-Page happens
> * Redirect to IDP Signin Page
> * User gets signed in automatically as the session on the IDP is still
>   existing
>
> The correct behaviour must be:
> * connect to guacamole URL
> * Automatic redirect to IDP Signin Page happens
> * login via SAML IDP to Guacamole
> * Click Logoff in Guacamole
> * *Redirecting to configured IDP Logoff URL*
> * *IDP destroys session and redirects to Guacamole start page*
> * Redirect to IDP Signin Page
> * User gets signed in automatically as the session on the IDP is still
>   existing

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
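
The logout workaround in the comment above writes the IDP logout URL as one string literal with `redirect_uri` appended unencoded. The following is an added example, not part of the original comment or of Guacamole's code, showing one way to build that URL from configuration with the parameter encoded and the post-logout target checked against an allowlist. The function name, the allowlist and the `example.test` hosts are assumptions; the endpoint path and the `redirect_uri` parameter name are taken from the comment's placeholder URL.

```javascript
// Added example. buildIdpLogoutUrl, ALLOWED_ORIGINS and the example.test
// hosts are hypothetical; only the endpoint path and the redirect_uri
// parameter name come from the placeholder URL in the comment.
const ALLOWED_ORIGINS = ['https://guac.example.test'];

function buildIdpLogoutUrl(logoutEndpoint, postLogoutRedirect, allowedOrigins) {
    const endpoint = new URL(logoutEndpoint);   // throws on malformed input
    const target = new URL(postLogoutRedirect);

    for (const url of [endpoint, target]) {
        // Both the logout request and the landing page must use HTTPS.
        if (url.protocol !== 'https:')
            throw new Error('Refusing non-HTTPS URL: ' + url.href);
        // user:pass@host forms can hide which host is really contacted.
        if (url.username || url.password)
            throw new Error('Refusing URL with embedded credentials');
    }

    // Compare the parsed origin (scheme + host + port). A string-prefix
    // check would also accept look-alike hosts that merely start the same.
    if (!allowedOrigins.includes(target.origin))
        throw new Error('Post-logout redirect not allowlisted: ' + target.origin);

    // searchParams.set() percent-encodes the value, so a query string inside
    // the redirect target stays part of redirect_uri instead of leaking into
    // the IDP's own parameters.
    endpoint.searchParams.set('redirect_uri', target.href);
    return endpoint.href;
}

// In the handler from the comment this would replace the string literal:
//   window.location.href = buildIdpLogoutUrl(IDP_LOGOUT_ENDPOINT,
//       GUACAMOLE_LOGIN_URL, ALLOWED_ORIGINS);
```

Most IDPs also require the post-logout redirect to be registered on their side; the client-side allowlist complements that check and does not replace it.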