
WłodzimierzT.41540 (Customer) asked a question.
Hi,
I have a system where example.com is a reverse proxy to some other server and it uses mod_auth_mellon and Okta for security.
I have an Okta app with SLO configured in the following manner:
Enable Single Logout: [CHECKED]
Single Logout URL: https://example.com/logout.html
SP Issuer: https://example.com/mellon_endpoint/metadata
Signature Certificate: [uploaded cert from mellon]
So after a user hits the logout button on example.com, he is redirected to https://example.com/mellon_endpoint/logout?ReturnTo=https://example.com/logout.html, which takes him to Okta, and then Okta bounces him back to https://example.com/logout.html (if I understand the process correctly).
What I would like to do is to redirect the user back to the page he was on when he logged out instead of going to https://example.com/logout.html, so he can log back in. How can I achieve this?
Something in the Okta config caught my eye:
SAML issuer ID: http://www.okta.com/${org.externalKey}
Can I somehow use something similar to make the Single Logout URL, for example, ${last_url}, where last_url is the page the user was on when he logged out? If not, could you propose another solution?
Regards,
Wojciech

Liviu with the Developer Support team here. The SAML issuer ID is a totally different thing from what you are discussing, given that it is the identifier of your Identity Provider (in this case being Okta).
If you have specified in Okta that you want users to land on https://example.com/logout.html, that will be the only URL that Okta will redirect to. There are some cases in which you can use the login page's URL as an SLO URL, but only if your app supports it.
If your login page doesn't support SLO, you can make your application check for an existing session and if there is none, redirect the users to the login page (this part of the script happening on your logout page).
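
Added example, not part of the original thread and not Okta's or mod_auth_mellon's own code: a script for the fixed logout landing page that sends the user back to the page they logged out from, accepting only same-origin targets so the stored value cannot turn logout.html into an open redirect. It assumes the page with the logout button saved its own URL under the hypothetical sessionStorage key "last_url" before navigating to /mellon_endpoint/logout.

```javascript
// Runs on the logout landing page (https://example.com/logout.html in the question).
// Assumption: the page with the logout button stored its URL under the
// hypothetical sessionStorage key "last_url" before starting the logout.
const LAST_URL_KEY = "last_url";            // hypothetical key name
const MELLON_PREFIX = "/mellon_endpoint/";  // endpoint path from the question

// Return a same-origin path to send the user to, or `fallback` when the stored
// value is missing, malformed, cross-origin, or would loop back into logout.
function safeReturnTarget(candidate, origin, fallback) {
  if (typeof candidate !== "string" || candidate.length === 0) return fallback;
  // Backslashes and control characters are normalised inconsistently; reject them.
  if (/[\\\u0000-\u001f]/.test(candidate)) return fallback;
  let url;
  try {
    url = new URL(candidate, origin); // relative paths resolve against our origin
  } catch (e) {
    return fallback;
  }
  if (url.origin !== origin) return fallback; // other hosts, "//host", other schemes
  if (url.pathname.startsWith(MELLON_PREFIX)) return fallback; // no logout loop
  if (url.pathname === new URL(fallback, origin).pathname) return fallback;
  return url.pathname + url.search + url.hash; // path only, never a full URL
}

// Browser-only glue; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
  const stored = sessionStorage.getItem(LAST_URL_KEY);
  sessionStorage.removeItem(LAST_URL_KEY); // one-shot: never reuse a stale value
  const target = safeReturnTarget(stored, window.location.origin, "/logout.html");
  if (target !== "/logout.html") {
    // If the target is protected by mod_auth_mellon, this request starts a new login.
    window.location.replace(target);
  }
}
```

The Single Logout URL in Okta stays https://example.com/logout.html; only the landing page's behaviour changes.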