Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-74559

Static logout URL in IDP initiated SLO



    • 1
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.


      Customer would like to have a static logout URL that could be requested to Jira to logout, initiated from IDP to perform SLO. At present, logout url is dynamic which consist of atl_token i.e xsrf token and thus it cannot be added/configured in IDP unlike confluence where logout url is static.

      • In order to implement a proper SSO logout across all applications where the user is logged in, the IdP has the list of the "Logout URIs" for those applications.
      • When the user logs out from one application, the IdP performs a set of callbacks and logs out the user from each of the applications.
      • The Logout URI for Confluence is rather static: "/confluence/logout.action" and it can be configured in the IdP.
      • The Logout URI for Jira is unfortunately dynamic: "/jira/logout?atl_token=....", where the atl_token is specific for the current session. This dynamic URL cannot be configured as Logout URI in the IdP and hence a SSO Logout across all applications cannot be achieved.


        Issue Links



              Unassigned Unassigned
              1ece1773342d Sandip Shrivastava
              2 Vote for this issue
              4 Start watching this issue