single sign out for cross domain
edited February 2013 in Vanilla 2.0 - 2.8
I have used jsconnect SSO, and users are able to log in through my web site to my forum, but the problem is that until and unless the user logs out from my web site he cannot log out through my forum as well.
Any help will be appreciated.
businessdad Stealth contributor MVP
The logic to follow is relatively simple. In a SSO environment, there is usually a central site that "calls the shots", i.e. the ones where the User logs in and out. When Users land on satellite websites, if they want to log in, they are sent to the central one, where they enter their credentials, then back to the originating site. From that moment on, any other satellite website will simply query the central one, and log Users in automatically.
Log out should work the same way: satellite websites should all redirect to the central website, where the User can log out before being redirected back. The algorithm on satellite sites should be something like this:
1- Logged in on satellite site + Not logged in on central site = Log out User from satellite site.
2- Logged in on satellite site + Logged in on central site + click on "Log out" on satellite site = Send User to central site, asking it to perform a log out and send him back. At this point, action described in #1 will occur.
How to do it
There are many ways to accomplish the above, and they depend on how both the central site and the satellite site(s) work. Assuming that Vanilla is a satellite site, a Quick & Dirty (tm) solution could be replacing the standard Vanilla log out URL with the central site logout URL, sending the original logout URL as a parameter. Something like this:
Original logout URL:
New logout URL:
Please note that the backto argument should be URL-encoded, although this forum shows it as plain text.
What the central site would do would be logging out the User, and then redirecting him to the "backto" URL, which would effectively sign User out of Vanilla.
It's far from elegant and it's fairly limited (for example, it may not work if central site requires a Transient Key the same way Vanilla does, as such value is usually random and Vanilla may not know it), but it could be a starting point.
My shop | About Me
@businessdad I tried but it is not coming back to the forum URL. I added the following code to function SignOutUrl() in functions.render.php
For eg. http://www.abc.com/logout?backto=http://forum.abc.com/entry/signout?TransientKey='.urlencode(Gdn::Session()->TransientKey());
It goes to abc.com; it is expected to come back to forum.abc.com.
I also tried to set the Target parameter.
function SignOutUrl($Target = 'http://www.abc.com/logout.php?') {
    return '/entry/signout?TransientKey='.urlencode(Gdn::Session()->TransientKey()).($Target ? '&Target='.urlencode($Target) : '');
}
But no success.
It's not working by just adding the "backto" parameter to the URL, you have to code something in the central site that reads such parameter and sends the User back. It's not an automatic mechanism, and it's not handled by Vanilla.
My shop | About Me
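The central-site code described in the post above, as an added example that is not part of the original thread or of Vanilla: a logout.php that ends the central session, reads "backto", and redirects only to allowlisted satellite hosts so the endpoint cannot be used to redirect to arbitrary sites. The abc.com hosts are the thread's placeholders; the constants and function names are hypothetical.

```php
<?php
// Added example: central-site logout.php. Hosts are the thread's abc.com
// placeholders; constants and helper names are hypothetical.
const ALLOWED_BACKTO_HOSTS = ['forum.abc.com'];
const DEFAULT_AFTER_LOGOUT = 'https://www.abc.com/';

// Satellite side: wrap the forum's own absolute sign-out URL (TransientKey
// included) in the central logout URL, encoding the inner URL as one value.
function buildCentralLogoutUrl(string $forumSignOutUrl): string
{
    return 'https://www.abc.com/logout.php?backto=' . rawurlencode($forumSignOutUrl);
}

// Central side: accept backto only if it is an absolute http(s) URL whose
// host is on the allowlist; anything else falls back to the default page.
function resolveBackto(?string $backto): string
{
    if ($backto === null || $backto === '') {
        return DEFAULT_AFTER_LOGOUT;
    }
    $parts = parse_url($backto);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return DEFAULT_AFTER_LOGOUT;
    }
    $schemeOk = in_array(strtolower($parts['scheme']), ['http', 'https'], true);
    $hostOk = in_array(strtolower($parts['host']), ALLOWED_BACKTO_HOSTS, true);
    // Reject embedded credentials (user@host), whitespace, control chars, backslashes.
    $clean = !isset($parts['user']) && !preg_match('/[\x00-\x20\\\\]/', $backto);
    return ($schemeOk && $hostOk && $clean) ? $backto : DEFAULT_AFTER_LOGOUT;
}

// Request handling: end the central session, then send the user back.
if (PHP_SAPI !== 'cli') {
    session_start();
    $_SESSION = [];
    setcookie(session_name(), '', time() - 3600, '/'); // assumes default cookie path
    session_destroy();
    $raw = $_GET['backto'] ?? null; // PHP has already URL-decoded this value
    header('Location: ' . resolveBackto(is_string($raw) ? $raw : null), true, 302);
    exit;
}
```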
@businessdad : Thanks for quick reply, I will check.
usually you do something like.
grep is your friend.
@businessdad @x00 Thanks, finally our team has done it successfully as per your guidance.