We have SSO configured. When using it to log in to our GoFAST installation, I cannot log out; the session on the SSO is not ended (ticket #003762)
We received the answer that "Yes you are right, I remember that the SAML module that we use has a logout option but regarding what you say it seems that we still have to implement it in our logout transaction. As a workaround you can reduce the SSO session duration to something like 10 min as GoFAST doesn't need the SSO session anymore after the authentication phase is completed."
However, that is not a solution, as we do want to use the SSO to also switch between different applications.
After our discussion in the ticket, this functionality could be useful, I just want to make sure if this is a common request because you may also want sometimes to log out of GoFAST and then go to another application without losing your SSO session. Maybe it should be configurable.
@mrobert: Do you think Occitanie could also need this feature?
Thanks in advance!
Oh, for clarification: The problem I see is that the logout seems not to be really a logout, even from GoFAST. When using SSO to log in to GoFAST and then "logout" from GoFAST, next time I get back to the GoFAST URL I am already authenticated because of the SSO.
It can be that internally the session on GoFAST is ended, but the association with the SSO remains and is reactivated next time. The problem is that if you happen to connect from a device not exclusively your own, it is difficult to ascertain that the next user (your child, for example) is not automatically directed to your sensitive HR documents.
This is an interesting discussion.
If I understand well, GoFAST is the only SSO login entry point, and not for example from an existing intranet? In this case the SSO session could be killed when the user clicks on the GoFAST "Logout" menu item. However, for most customers, the SSO login entry point is another application and it is unlikely that it will be wanted to kill the SSO session used for all applications (however, in this case the menu entry should be grayed).
So as @jlemangarin suggested, I think this feature should be configurable.
Lastly, a GoFAST session is about a working day. I don't know how that works in an SSO environment (from a user perspective it should do the same as clicking "Logout").
I thought I had given a further reply already - sorry for the delay.
We do use other entry points - at the moment one, but there are supposed to be more. For the one in question already used, a logout works