End Gluu Session

By: matt dillenkoffer user 09 Sep 2016 at 2:36 p.m. CDT

3 Responses
matt dillenkoffer gravatar
I have gotten logout to work with our webapp by having a logoutIntercepter redirect the users browser to the gluu end_session endpoint and put the id_token_hint as a query parameter and this works great. We have another use case where the user's session times out due to inactivity. When this happens we can capture this event with a servlet.session.destroy.events=MyEventHandlerClass The problem here is that I only get an instance of the HttpSession when this eventHandler fires, so how can I call end_session and successfully kill the session between the browser and Gluu. If I pass the id_token_hint and the session_id will it work if I call end_session endpoint like a get REST service instead of redirecting the user's browser to that address? But then how could my app know the browser's gluu session_id?
U1404
closed

Answers

By Michael Schwartz Account Admin 09 Sep 2016 at 2:55 p.m. CDT

Copy
Michael Schwartz gravatar
If you call the end session endpoint with the id_token hint, you will invalidate the session, but the RP applications won't get a notification that the session is ended. The [Front Channel Logout Spec](http://openid.net/specs/openid-connect-frontchannel-1_0.html) works by rendering iFrames for with the logout URL for each application so that local application sessions in the browser can be ended (not just the OP session). Also, keep in mind that if the browser blocks third party cookies, logout may be broken all together. There are many articles on the Internet about the phenomemnon. Basically, logout is a dicey proposition... Perhaps one way to handle it is to make your apps use the refresh token more frequently to obtain a new access token to make sure the session is still active.

By matt dillenkoffer user 09 Sep 2016 at 4:04 p.m. CDT

Copy
matt dillenkoffer gravatar
Thank you for the quick response and good info. My problem is more of a battle with Liferay workflows than with Gluu. Thanks again.

By Michael Schwartz Account Admin 09 Sep 2016 at 4:36 p.m. CDT

Copy
Michael Schwartz gravatar
we know of a good Liferay consultant from India if you need one.

Post an answer