On Mon, Oct 2, 2017 at 12:22 PM, Colin McGuigan < [email protected]> wrote:
> Currently, if you logout it removes your token from memory and redirects > you > to the main page. > > For an extension implementing SAML authentication, it would also be > necessary to send a message to the identity provider telling it to discard > its own token. > > However, there seems to be no way to hook into this event. As best I can > tell, /api/tokens handles it completely internally and does not shell out > to > any extension API. > > As of a few days ago, there is such an API: https://issues.apache.org/jira/browse/GUACAMOLE-393 AuthenticatedUser and UserContext now both define an invalidate() function which is invoked upon user logout: https://github.com/apache/incubator-guacamole-client/blob/d808f7fbbdef9a0e14b139ac31e9fa225354efc6/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticatedUser.java#L52-L57 https://github.com/apache/incubator-guacamole-client/blob/d808f7fbbdef9a0e14b139ac31e9fa225354efc6/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/UserContext.java#L233-L238 You will need to build off git to leverage this. - Mike
