iwokc (iwokc) asked a question.
[Situation]
I was under the impression that enabling Single Logout in the application settings of Okta and Okta Access Gateway, and configuring the logout path, would achieve the desired result. However, even though the application logs out, Okta does not perform the logout.
https://help.okta.com/oag/en-us/Content/Topics/Access-Gateway/task-define-application-behaviors.htm
As for the logout behavior, I have set it to "Show Logout page," and when I log out from the application, this logout page is displayed. Therefore, the logout process itself should be recognized, but it seems that the Okta login session remains.
[Question]
I referred to the following URL for Okta configuration, but I'm not sure which certificate should be uploaded. Could you please let me know?
https://help.okta.com/en-us/Content/Topics/Apps/Apps_Single_Logout.htm
Also, I would like to check the logs for Okta and Okta Access Gateway to investigate the cause. If there are any specific logs that I should review, please let me know.
Hi, @iwokc (iwokc)
Thank you for posting on our Community page!
Please check this article to find out more about the SP certificate:
https://support.okta.com/help/s/article/Replace-SP-Signing-Certificate-In-OKTA?language=en_US
For the second question, I found an article talking about SLO limitations that might be of assistance:
https://support.okta.com/help/s/article/What-SLO-does-and-doesnt-do?language=en_US
Thank you for reaching out to our Community and have a great day!.
_____________________________________________________________________________
Watch and Learn: New Okta how-to videos, plus what's new this month in the May newsletter.
_____________________________________________________________________________
Community members help others by clicking Like or Select as Best on responses. Try it today.
_____________________________________________________________________________
@User16594883467582706479 (Customer Support Online Experience)
Thank you for your response.
In the second URL, the following information was provided:
"Okta currently only supports Service Provider Initiated (SP-INIT) SLO, where the SP web application sends the SLO request to end the Okta session."
In this case, since you are integrating with a custom application using Okta Access Gateway, would it be necessary to implement the request processing to the SLO URL on the custom application side?
Hi, 光洋 福岡
Documentation posted on this article, here: https://support.okta.com/help/s/question/0D54z00009RXiQ5CAL/unable-to-perform-single-logout-in-okta-access-gateway?language=en_US
Thank you for reaching out to our Community and have a great day!
_________________________________________________________________________
Community members help others by clicking Like or Select as Best on responses. Try it today.
_____________________________________________________________________________