Logout redirect
On logout, the Web Agent can redirect users to a specific AM page, or to a custom logout page in your web server. For properties to configure logout redirect, refer to Logout redirect.
The agent maintains the user realm
for each session, obtaining it from the JWT or sessioninfo endpoint.
When a user logs out, the agent automatically passes the stored realm to the
logout endpoint.
To log out to a landing page in a specific realm, specify the realm in
AM Logout URL.
Logout redirect is triggered when
Disable Logout Redirection
is false, and the incoming URL matches a value in
Logout URL List
or
Agent Logout URL Regular Expression.
When the incoming URL matches a logout URL, the agent redirects the web client to a URL configured in Logout Redirect URL.
| To ensure the end user can access the logout redirect URL, add it to the Not-Enforced URL List. |
If
Enable Invalidate Logout Session
is true, the agent invalidates the session in AM. Configure this if
Logout URL List
is set to a page in your application, and your application does not handle the
session invalidation process.
If
Enable Invalidate Logout Session
is false, the logout page is responsible for invalidating the user
session. Configure this if the
Logout URL List
is a SAML v2.0 logout page, the AM logout page, or a page in your
application that can handle the session invalidation process.
If
Disable Logout Redirection
is true, the agent does not add the goto parameter, and the web client
remains in the logout page.
| To reset specified cookies during logout, configure Reset Cookies on Logout List. |
Example logout flow with AM as the logout page
Example logout flow with the application serving the logout page
