User17423515563557325075 (Customer) asked a question.
I have Node app an use OKTA for SSO using SAML.
My SSO works as expected - i.e. I get prompted for my my creds, push notification authenticate successfully, get back profile, etc. It works.
Now, I am trying to do a "simple" OKTA logout with a redirect back to my app's login screen. This is not SLO, just a logout and redirect using the following:
'https://trial-12345xyz.okta.com/login/signout?post_logout_redirect_uri=https://localhost:4001'
Appears straight-forward enough. Logout of OKTA, then redirect to https://localhost:4001 (btw, is encoded)
(successfully did this w/MS Entra - no issue)
The logout occurs fine; the redirect never happens. I've spent hours looking through this and the docs.
I keep finding info that states:
* look for "Logout redirect URIs" within the Okta admin console under the LOGIN section of General Settings." I see no such setting.
* enable and set up SLO and and enter url. I created cert/pem, enabled, entered url. No effect.
This seems like it should be a straight-forward procedure but I certainly must be missing something.
When I check the browser network stack I see the logout but NO indication of the redirect at all.
Any ideas would be appreciated.
Thanks
Rob
Hi @User17423515563557325075 (Customer) , Thank you for reaching out to the Okta Community!
As far as I've been able to see while testing with SAML tracer, https://<orgname>.okta.com/login/signout request also automatically triggers a logout request for the admin side https://<orgname>-admin.okta.com/login/admin/signout so I'm suspecting that is the reason the original redirect URI is disregarded.
There is currently no option change this behavior.
You can suggest it as a Feature Enhancement on the Okta Community page by going to the Community→ Ideas tab. Features suggested in our community are reviewed and can be voted and commented on by other members. High popularity will increase the likelihood of it being picked up by the Product Team and it being implemented.
More details here.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Level up your Identity security superpowers with Okta Learning.
Join the Online Discussion for Ask me Anything on March 25, 2025: Identity Threat Protection with Okta AI
So I am a little confused by this answer. Docs and online searches "claim" redirects are possible after a logout. You seem to be indicating that a very common practice of redirecting a user to a (the) application (typically, back to APP's login page) is currently not possible? So what does a SLO do? That also won't bring the user back to the originating app's landing page?
I am only in the evaluation stage of OKTA, but this was literally a 5-minute setup using MS Entra and seems like a very common task.
If you could please expand on the answer and confirm or deny that when using OKTA there is no way to log the user out and do redirect.
Thanks for your help!
Hi @User17423515563557325075 (Customer) - The SLO configuration allows you to sign out of the Okta session, but the "Logout Redirect URI" option is available for the OIDC apps.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.
Join the Online Discussion for Ask me Anything on March 25, 2025: Identity Threat Protection with Okta AI