
single sign out for cross domain

bhushan New
edited February 2013 in Vanilla 2.0 - 2.8

Hello,
I have used jsConnect SSO, and users are able to log in through my web site to my forum, but the problem is that unless the user logs out from my web site, he cannot log out through my forum either.

Any help will be appreciated.

Answers

  • businessdad Stealth contributor MVP

    The logic to follow is relatively simple. In a SSO environment, there is usually a central site that "calls the shots", i.e. the ones where the User logs in and out. When Users land on satellite websites, if they want to log in, they are sent to the central one, where they enter their credentials, then back to the originating site. From that moment on, any other satellite website will simply query the central one, and log Users in automatically.

    Log out should work the same way: satellite websites should all redirect to the central website, where the User can log out before being redirected back. The algorithm on satellite sites should be something like this:

    1- Logged in on satellite site + Not logged in on central site = Log out User from satellite site.
    2- Logged in on satellite site + Logged in on central site + click on "Log out" on satellite site = Send User to central site, asking it to perform a log out and send him back. At this point, the action described in #1 will occur.

    How to do it
    There are many ways to accomplish the above, and they depend on how both the central site and the satellite site(s) work. Assuming that Vanilla is a satellite site, a Quick & Dirty (tm) solution could be replacing the standard Vanilla log out URL with the central site logout URL, sending the original logout URL as a parameter. Something like this:

    Original logout URL:
    http://myforum.com/entry/signout?TransientKey=HJHG16GLNUPA

    New logout URL:
    http://mycentralsite.com/logout?backto=http%3A%2F%2Fmyforum.com%2Fentry%2Fsignout%3FTransientKey%3DHJHG16GLNUPA

    Please note that the backto argument should be URL-encoded, although this forum shows it as plain text.

    What the central site would do would be logging out the User, and then redirecting him to the "backto" URL, which would effectively sign User out of Vanilla.

    It's far from elegant and it's fairly limited (for example, it may not work if central site requires a Transient Key the same way Vanilla does, as such value is usually random and Vanilla may not know it), but it could be a starting point.

  • @businessdad I tried, but it is not coming back to the forum URL. I added the following code to function SignOutUrl() in functions.render.php
    E.g. http://www.abc.com/logout?backto=http://forum.abc.com/entry/signout?TransientKey='.urlencode(Gdn::Session()->TransientKey());
    It goes to abc.com; it is expected to come back to forum.abc.com.

    I also tried to set the Target parameter.
    function SignOutUrl($Target = 'http://www.abc.com/logout.php?')
    {
    return '/entry/signout?TransientKey='.urlencode(Gdn::Session()->TransientKey()).($Target ? '&Target='.urlencode($Target) : '');
    }

    But no success.

    Please help.
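
The round trip discussed in the two posts above, as an added example that is not code from the thread or from Vanilla: the satellite encodes the entire sign-out URL into backto, and the central site redirects only to hosts it trusts. The function names, the allowlist and the host names (taken from the sample URLs above) are assumptions.

```php
<?php
// Added example, not Vanilla code. Hosts come from the thread's sample URLs (assumed).
const CENTRAL_LOGOUT = 'http://mycentralsite.com/logout';
const ALLOWED_BACKTO_HOSTS = ['myforum.com']; // satellites the central site trusts

// Satellite side: encode the WHOLE forum sign-out URL, query string included,
// so "?TransientKey=..." stays inside backto and is not parsed by the central site.
function buildCentralLogoutUrl(string $forumSignOutUrl): string
{
    return CENTRAL_LOGOUT . '?backto=' . rawurlencode($forumSignOutUrl);
}

// Central side: accept backto only if it is an absolute http(s) URL, carries no
// embedded credentials, and points at an allowlisted satellite host.
function safeBackTo($backto, string $fallback = '/'): string
{
    if (!is_string($backto) || $backto === '') {
        return $fallback;
    }
    $parts = parse_url($backto);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback; // relative or malformed URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback; // rejects forms such as http://myforum.com@other.host/
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_BACKTO_HOSTS, true)) {
        return $fallback; // exact host match, no substring or suffix tests
    }
    return $backto;
}

// Central logout handler: end the central session, then choose the redirect target.
function handleCentralLogout(array $query): string
{
    // The central site's own session teardown goes here (implementation-specific).
    return safeBackTo($query['backto'] ?? null);
}

// Constructed sample input: the sign-out URL quoted earlier in the thread.
$link = buildCentralLogoutUrl('http://myforum.com/entry/signout?TransientKey=HJHG16GLNUPA');
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);
echo $link, "\n", handleCentralLogout($query), "\n";
// Constructed sample: a backto host that is not on the allowlist.
echo handleCentralLogout(['backto' => 'http://untrusted.example/page']), "\n";
```

In a real handler the value returned by handleCentralLogout() would be sent in a Location header after the session is destroyed.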

  • @businessdad: Thanks for the quick reply, I will check.

  • bhushan New
    edited March 2013

    @businessdad @x00 Thanks, finally our team has done it successfully as per your guidance.

    :)
