Users can log out from the applications protected by App Gateway using two different mechanisms: the App Gateway Logout URL, or a call to a resource protected by a logout authentication method.
Use App Gateway Logout URL
App Gateway provides a central logout URL which can be used to log the user out from the single sign-on provided by Oracle Identity Cloud Service. Any call to this endpoint triggers the logout process. After the user is logged out, any subsequent access to a protected application resource requires the user to sign in to Oracle Identity Cloud Service again.
- postlogouturl: The URL of a post-logout landing page. This value must be URL-encoded. If the parameter isn't specified, then App Gateway redirects the user's browser to the Logout URL specified in the Oracle Identity Cloud Service console's Session Settings.
- state: This is an optional parameter to be used by the enterprise application, after the logout process finishes.
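The following added example (not part of the original documentation) builds a logout link with a URL-encoded postlogouturl and an optional state. The allowlist check on the landing page is the application's own safeguard and an assumption, as are the function name, the allowed hosts and the placeholder logout endpoint, which this page does not show.

```python
from urllib.parse import quote, urlencode, urlsplit

# Placeholder: take the real App Gateway Logout URL from your own deployment.
LOGOUT_URL_PLACEHOLDER = "https://myappgateway.example.com:4443/<logout-endpoint>"

# Constructed allowlist of hosts permitted to serve the post-logout page.
ALLOWED_LANDING_HOSTS = frozenset({"myappgateway.example.com", "www.example.com"})


def build_logout_url(logout_url, postlogouturl=None, state=None,
                     allowed_hosts=ALLOWED_LANDING_HOSTS):
    """Return logout_url with URL-encoded postlogouturl/state parameters.

    The landing page is checked before it is embedded, so a value taken
    from user input cannot turn the logout link into an open redirect.
    """
    params = []
    if postlogouturl is not None:
        # Backslashes and control characters are parsed differently by
        # browsers and by urlsplit, so refuse them outright.
        if any(ch in postlogouturl for ch in "\\\r\n\t"):
            raise ValueError("landing page URL contains unsafe characters")
        parts = urlsplit(postlogouturl)
        if parts.scheme != "https":
            raise ValueError("landing page must be an absolute https URL")
        if parts.username is not None or parts.password is not None:
            raise ValueError("landing page URL must not carry userinfo")
        if parts.hostname not in allowed_hosts:
            raise ValueError("landing page host is not allowlisted")
        params.append(("postlogouturl", postlogouturl))
    if state is not None:
        params.append(("state", state))
    if not params:
        return logout_url
    # quote() with safe="" percent-encodes ':', '/', '?' and '=' as well,
    # so the landing page travels as a single query value.
    return logout_url + "?" + urlencode(params, quote_via=quote, safe="")


if __name__ == "__main__":
    print(build_logout_url(LOGOUT_URL_PLACEHOLDER,
                           "https://www.example.com/signed-out?lang=en",
                           state="abc 123"))
```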
Example 29-1 Log out Endpoint With Parameters
If the App Gateway base URL is https://myappgateway.example.com:4443, then use the following URL to log the user out from the single sign-on:
Use Resource Protected by Logout Authentication Method
You can create a resource in your enterprise application and configure an authentication policy for this resource using the Forms+Logout authentication method. When the user accesses this resource, App Gateway invokes the logout process and logs the user out from the single sign-on provided by Oracle Identity Cloud Service.
Example 29-2 Resource Protected by Logout Authentication Method
If you created the /myapp/logout resource in your enterprise application, and assigned Forms+Logout as the Authentication Method for this resource in the Authentication Policy section, then when users access the URL https://myappgateway.example.com:4443/myapp/logout, they will be logged out from the single sign-on provided by Oracle Identity Cloud