> > I think this can be accomplished with what is already present. It depends > on what must happen during logout, though. Depending on the needs of the > IDP, there are two sides to single logout that may come into play: > > 1) Notifying the IDP that the user has logged out. If the IDP or use case > requires this sort of thing, and there is some sort of endpoint which must > be used to notify the IDP that the user has logged out, then a server-side > request to that endpoint within invalidate() is exactly what would need to > be done. >
I think in most cases we actually want to redirect, not just notify, so I'm guessing just doing a server-side call isn't necessarily going to be the way to go, unfortunately. > > 2) Cosmetically redirecting the user away from Guacamole and to some other > URL. There is a "guacLogout" event broadcast by the authentication service > which is tempting: > > > https://github.com/apache/guacamole-client/blob/fd2198d62bd5181c6a193dbcedc401823e0fbabe/guacamole/src/main/webapp/app/auth/service/authenticationService.js#L293-L294 > > But that fires before the token is invalidated, and there is a different > redirect that takes place after the logout() call succeeds: > > > https://github.com/apache/guacamole-client/blob/a1e6db170f286882670957e1e127cae061096bb3/guacamole/src/main/webapp/app/navigation/directives/guacUserMenu.js#L145-L148 > > I think we would need to split that event up a bit - adding a > "guacBeforeLogout" to replace what is currently "guacLogout", moving > "guacLogout" such that it fires after the logout request has completed, and > moving the redirect into default handling which takes effect if > preventDefault() for "guacLogout" is not set. The behavior upon logout > could then be overridden by adding an event handler for "guacLogout". > > I opened a JIRA issue and submitted a PR for this, so hopefully it looks okay and takes care of this. > The problem then becomes exposing the configured redirect URL for > consumption by the overridden logout handling. > > What about overriding the LOGOUT_ACTION or providing some sort of parameter for it that specifies what the URL should be when the logout occurs: https://github.com/apache/guacamole-client/blob/a1e6db170f286882670957e1e127cae061096bb3/guacamole/src/main/webapp/app/navigation/directives/guacUserMenu.js#L156-L159 I'm not entirely sure how to do this and allow the module to push the configuration, but I can work on figuring that out... -Nick