Here's a first proposal for discussion. This should be compatible with the planned logout broadcast functionality.
Action path: /+logout
Required query string params:
* return_to=<URL>. If <URL> doesn't exactly match a known trust root (with
auto-redirect enabled - this is how we're defining full SSO sites) or the
user hasn't actually logged in to the requesting site within the defined
session period (see below), the user will see the same result as if the
params weren't passed (currently that they are logged out but will stay on
the SSO site and are notified of the logout). If HTTP_REFERER is sent by
the browser, its hostname must also match <URL>'s hostname. The return will
not fail if HTTP_REFERER is undefined, it's just an extra check if
available.
* user=<uid> (This is the last segment of the user's OpenID URL, e.g. 1a2B3c4
from https://login.ubuntu.com/+id/1a2B3c4). If <uid> doesn't match the
current SSO session user, the following message will be displayed:
"<sitename> is attempting to log you out of your session but this isn't the
account you used to log in. You may be logged in to other sites which we
can't notify you about. Continue or cancel". 'Continue' continues with the
workflow below, but for the current SSO user. 'Cancel' redirects the user
to the SSO main account page without logging them out of SSO, and the
message "Logout cancelled" is displayed to the user.
Logout behaviour for valid requests:
Assumptions:
* trusted sites can have long sessions. let's say up to 365 days.
* non-trusted sites have a shorter session lifetime of up to 30 days.
(both session lifetime values should be globally configurable on SSO)
Assume the user isn't logged in to other sites if they:
* have only logged into the requesting site (and no other trusted sites) within
the defined session duration for trusted sites.
* haven't logged in to a non-trusted site within the defined duration for
non-trusted sites.
The user is immediately logged out of SSO.
If the user isn't logged in to other sites, they are redirected back to the
specified return URL.
If the user is logged in to other sites, the following content is displayed """
You have been logged out of <sitename>. You may also need to log out of these
sites which you've used recently:
* <sitename/URL>
Return to <sitename> (link to return_to)
"""
<sitename/URL> is a list of all sites (trusted and non-trusted) accessed within
the defined session durations, sorted by date order (most recent first), except
for the requesting site. Trusted sites display the printable name. Non-trusted
sites display the trust root. Both are links to the trust root which opens in a
new window/tab.
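The following is an added example of the decision logic described above, not code from the proposal or from the SSO project. It assumes a constructed trust-root registry (where auto_redirect marks a "trusted" full-SSO site), constructed session lifetimes, a constructed login history, and hypothetical function names (validate_return_to, recent_sites, plan_logout); it models the return_to / HTTP_REFERER checks, the user=<uid> mismatch confirmation, and the "other sites you may need to log out of" list.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed session lifetimes; the proposal says both are globally
# configurable on SSO.
TRUSTED_SESSION = timedelta(days=365)
NON_TRUSTED_SESSION = timedelta(days=30)

# Constructed trust-root registry. auto_redirect=True is what the proposal
# calls a trusted (full SSO) site; those display a printable name.
TRUST_ROOTS = {
    "https://trusted.example/": {"name": "Trusted Example", "auto_redirect": True},
    "https://other.example/": {"name": "Other Example", "auto_redirect": True},
    "https://plain.example/": {"name": "Plain Example", "auto_redirect": False},
}

NOW = datetime(2024, 1, 1)

# Constructed login history: (trust_root, time of most recent login).
LOGINS = [
    ("https://trusted.example/", NOW - timedelta(days=1)),
    ("https://other.example/", NOW - timedelta(days=100)),
    ("https://plain.example/", NOW - timedelta(days=45)),
]


def is_trusted(trust_root):
    return TRUST_ROOTS[trust_root]["auto_redirect"]


def within_session(trust_root, last_login, now):
    """True if the login is still inside the lifetime for that site class."""
    lifetime = TRUSTED_SESSION if is_trusted(trust_root) else NON_TRUSTED_SESSION
    return now - last_login <= lifetime


def validate_return_to(return_to, referer, logins, now):
    """Return the requesting trust root if return_to is acceptable, else None.

    Rules from the proposal: exact match against a known trust root with
    auto-redirect enabled, Referer hostname (if present) must match, and the
    user must have logged in to that site within its session period.
    """
    if return_to not in TRUST_ROOTS or not is_trusted(return_to):
        return None
    if referer is not None and urlparse(referer).hostname != urlparse(return_to).hostname:
        return None
    for root, last_login in logins:
        if root == return_to and within_session(root, last_login, now):
            return return_to
    return None


def recent_sites(requesting, logins, now):
    """Other sites still within session, most recent first.

    Each entry is (display label, trust root): trusted sites show their
    printable name, non-trusted sites show the trust root itself.
    """
    live = [(root, t) for root, t in logins
            if root != requesting and within_session(root, t, now)]
    live.sort(key=lambda item: item[1], reverse=True)
    return [(TRUST_ROOTS[root]["name"] if is_trusted(root) else root, root)
            for root, _ in live]


def plan_logout(params, session_uid, referer, logins, now, confirmed=False):
    """Decide what /+logout should do; SSO logout itself happens in every
    valid case and is left to the caller. `confirmed` models the user
    pressing 'Continue' on the uid-mismatch message."""
    requesting = validate_return_to(params.get("return_to"), referer, logins, now)
    if requesting is None:
        # Same result as if no params were passed: log out, stay on SSO.
        return {"action": "logout_stay"}
    if params.get("user") != session_uid and not confirmed:
        return {"action": "confirm_uid_mismatch"}
    others = recent_sites(requesting, logins, now)
    if not others:
        return {"action": "logout_redirect", "url": requesting}
    return {"action": "logout_show_list", "return_to": requesting, "sites": others}


if __name__ == "__main__":
    params = {"return_to": "https://trusted.example/", "user": "1a2B3c4"}
    print(plan_logout(params, "1a2B3c4", "https://trusted.example/logout", LOGINS, NOW))
```

In the constructed data the non-trusted plain.example login is 45 days old, so it falls outside the 30-day window and is omitted from the list, while other.example (trusted, 100 days) still appears.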