How App Gateway Logout Works

Users can log out from the applications protected by App Gateway using two different mechanisms: the App Gateway Logout URL, or a call to a resource protected by a logout authentication method.

Use App Gateway Logout URL

App Gateway provides a central logout URL which can be used to log the user out from the single sign-on provided by Oracle Identity Cloud Service. Any call to this endpoint triggers the logout process. After the user is logged out, any subsequent access to a protected application resource requires the user to sign in to Oracle Identity Cloud Service again.

This endpoint supports two parameters appended to the URL:
  • postlogouturl: The URL of a post-logout landing page. This value must be URL-encoded. If the parameter isn't specified, then App Gateway redirects the user's browser to the Logout URL specified in the Oracle Identity Cloud Service console's Session Settings.
  • state: This is an optional parameter to be used by the enterprise application, after the logout process finishes.

Syntax

http(s)://<appgateway_host>:<appgateway_port>/cloudgate/logout.html?postlogouturl=<url_encoded>&state=<state_value>

Example 29-1 Log out Endpoint With Parameters

If the App Gateway base URL is https://myappgateway.example.com:4443, then use the following URL to log the user out from the single sign-on: https://myappgateway.example.com:4443/cloudgate/logout.html?postlogouturl=http%3A%2F%2Fwww.oracle.com&state=123
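The encoding requirement for postlogouturl, shown as an added example (not Oracle's code): it builds the logout URL from Example 29-1 and compares how a standard URL parser reads an encoded and an unencoded landing page that carries its own query string. The helper names, the app.example.com landing URL, and the use of Python's parser as a stand-in for the receiving side are assumptions.

```python
from urllib.parse import quote, urlsplit, parse_qs

LOGOUT_PATH = "/cloudgate/logout.html"  # path from the Syntax line above


def build_logout_url(gateway_base, post_logout_url=None, state=None):
    """Return the App Gateway logout URL for gateway_base (hypothetical helper).

    Both parameters are optional. Values are percent-encoded with safe=""
    so that ':', '/', '?', '&' and '=' inside them cannot be read as part
    of the logout URL's own query string.
    """
    parts = urlsplit(gateway_base)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("gateway_base must be http(s)://host[:port]")
    params = []
    if post_logout_url is not None:
        params.append("postlogouturl=" + quote(post_logout_url, safe=""))
    if state is not None:
        params.append("state=" + quote(str(state), safe=""))
    url = f"{parts.scheme}://{parts.netloc}{LOGOUT_PATH}"
    return url + ("?" + "&".join(params) if params else "")


def logout_params(url):
    """Parse a logout URL's query string with a standard URL parser."""
    return parse_qs(urlsplit(url).query)


if __name__ == "__main__":
    base = "https://myappgateway.example.com:4443"
    # Values from Example 29-1 on this page.
    print(build_logout_url(base, "http://www.oracle.com", 123))

    # Constructed landing page that has its own query string.
    landing = "https://app.example.com/bye?lang=en&state=from-landing"
    good = build_logout_url(base, landing, "abc")
    # Same values concatenated without encoding.
    bad = f"{base}{LOGOUT_PATH}?postlogouturl={landing}&state=abc"

    print(logout_params(good))  # landing URL intact, one state value
    print(logout_params(bad))   # landing URL cut at '&', two state values
```

Without encoding, the landing page's own `state` parameter is parsed as a second `state` on the logout URL and the landing URL is cut off at its first `&`.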

Use Resource Protected by Logout Authentication Method

You can create a resource in your enterprise application and configure an authentication policy for this resource using the Forms+Logout authentication method. When the user accesses this resource, App Gateway invokes the logout process and logs the user out from the single sign-on provided by Oracle Identity Cloud Service.

Syntax

http(s)://<appgateway_host>:<appgateway_port>/<logout_resource>

Example 29-2 Resource Protected by Logout Authentication Method

If you created a /myapp/logout resource in your enterprise application, and assigned Forms+Logout as the Authentication Method for this resource in the Authentication Policy section, then when users access the URL https://myappgateway.example.com:4443/myapp/logout, they will be logged out from the single sign-on provided by Oracle Identity Cloud Service.