Override Local Logout with Single Logout in SAML
In some cases, a local logout for platform users is not enough: in a SAML scenario, the user should also be logged out of the Identity Provider. To do that, the user has to be sent to the SAML logout URL instead of the regular logout URL.
Step-by-step guide
This step-by-step guide assumes that you are using the predeployed version of the iGrafx Platform and that your IDP is set up to allow SingleLogout requests. When using the WAR or EAR file, the portalshared.ftl file will have to be extracted from within the EAR/WAR file.
- Create a new folder extensions/samllogout/WEB-INF/templates in your base directory, including all subdirectories
- Copy the file apache-tomcat-8.5.xx/igrafx/iGrafxWebApp/WEB-INF/templates/Decorator/applicationheader.ftl from your installation directory into the newly created extension directory
- Edit the file in the extension directory and replace the one occurrence of href="/logout" with href="/saml/logout", then save the file
- Restart your iGrafx Platform
- Your logout button should now log you out of the iGrafx Platform and afterwards redirect you to your IDP logout.
Only use this if you are using SAML authentication and your FederationMetadata.xml file contains a <SingleLogout> element that tells the iGrafx Platform where the IDP logout service is available, otherwise this feature will not work.
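The folder, copy and edit steps above can be scripted together with the two preconditions this page states (a SingleLogout entry in the metadata, and exactly one href="/logout" in the template). This is an added example, not iGrafx tooling; the function name, argument order and return codes are assumptions, and the three paths are supplied by the caller.

```shell
#!/bin/sh
# Added example (not part of the iGrafx distribution).
# Usage: apply_saml_logout TEMPLATE_SRC BASE_DIR METADATA_XML
#   TEMPLATE_SRC  applicationheader.ftl inside the installation directory
#   BASE_DIR      platform base directory that will hold extensions/
#   METADATA_XML  FederationMetadata.xml used for SAML authentication
# Returns 0 on success, 2 if the metadata has no SingleLogout element,
# 3 if the template does not contain exactly one href="/logout",
# 4 if the written copy does not verify.
apply_saml_logout() {
    src=$1
    base=$2
    metadata=$3
    dest_dir="$base/extensions/samllogout/WEB-INF/templates"
    dest="$dest_dir/$(basename "$src")"

    # Precondition from the page: the metadata must describe the IDP
    # logout service. Matches <SingleLogout ...> with or without an
    # XML namespace prefix.
    if ! grep -Eq '<([A-Za-z0-9_]+:)?SingleLogout' "$metadata"; then
        echo "no SingleLogout element in $metadata; leaving local logout" >&2
        return 2
    fi

    # The guide expects exactly one occurrence. Zero or several means the
    # template differs from what the guide was written for, so stop
    # instead of rewriting links blindly.
    count=$(grep -o 'href="/logout"' "$src" | wc -l | tr -d ' ')
    if [ "$count" -ne 1 ]; then
        echo "expected 1 href=\"/logout\" in $src, found $count" >&2
        return 3
    fi

    # Create the extension folder with all subdirectories, then write the
    # edited copy there. The installed template itself is not modified.
    mkdir -p "$dest_dir" || return 4
    sed 's|href="/logout"|href="/saml/logout"|' "$src" > "$dest" || return 4

    # Verify the result before the platform is restarted.
    if grep -q 'href="/logout"' "$dest" ||
       ! grep -q 'href="/saml/logout"' "$dest"; then
        echo "verification of $dest failed" >&2
        return 4
    fi
    echo "wrote $dest; restart the iGrafx Platform to apply"
}
```

Because the installed template is left untouched, removing the extensions/samllogout folder reverts to the local logout.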