Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-74559

Static logout URL in IDP initiated SLO

    XMLWordPrintable

Details

    • 1
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Customer would like to have a static logout URL that could be requested to Jira to logout, initiated from IDP to perform SLO. At present, logout url is dynamic which consist of atl_token i.e xsrf token and thus it cannot be added/configured in IDP unlike confluence where logout url is static.

      • In order to implement a proper SSO logout across all applications where the user is logged in, the IdP has the list of the "Logout URIs" for those applications.
      • When the user logs out from one application, the IdP performs a set of callbacks and logs out the user from each of the applications.
      • The Logout URI for Confluence is rather static: "/confluence/logout.action" and it can be configured in the IdP.
      • The Logout URI for Jira is unfortunately dynamic: "/jira/logout?atl_token=....", where the atl_token is specific for the current session. This dynamic URL cannot be configured as Logout URI in the IdP and hence a SSO Logout across all applications cannot be achieved.

      Attachments

        Issue Links

          relates to

          Suggestion - JRASERVER-71357 Implement SAML Single Logout (SLO)

          • Gathering Interest

          Activity

            People

              Unassigned Unassigned
              1ece1773342d Sandip Shrivastava
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: