Users can log out from the applications protected by App Gateway using two different mechanisms: the App Gateway logout URL, or a call to a resource protected by a logout authentication method.
Use App Gateway logout URL
App Gateway provides a central logout URL which can be used to log the user out from the single sign-on provided by IAM. Any call to this endpoint triggers the logout process. After the user is logged out, any subsequent access to a protected application resource requires the user to sign in to IAM again.
This endpoint supports two parameters appended to the URL:
- postlogouturl: The URL of a post logout landing page. This value must be URL-encoded. If the parameter isn't specified, then App Gateway redirects the user's browser to the Logout URL specified in the Console's Session Settings.
- state: This is an optional parameter to be used by the enterprise application, after the logout process finishes.
Syntax
http(s)://<appgateway_host>:<appgateway_port>/cloudgate/logout.html?postlogouturl=<url_encoded>&state=<state_value>
Log out Endpoint With Parameters
If the App Gateway base URL is https://myappgateway.example.com:4443, then use the following URL to log the user out from the single sign-on: https://myappgateway.example.com:4443/cloudgate/logout.html?postlogouturl=http%3A%2F%2Fwww.oracle.com&state=123
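The URL-encoding requirement for postlogouturl matters most when the landing page carries its own query string, because an unencoded "&" splits the landing URL into extra parameters of the logout endpoint. The following Python sketch is an added example, not Oracle code; the function names and the portal.example.com landing page are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, urlsplit

LOGOUT_PATH = "/cloudgate/logout.html"  # path from the Syntax line above


def build_logout_url(base_url, post_logout_url=None, state=None):
    """Return the App Gateway logout URL with each parameter value percent-encoded."""
    base = urlsplit(base_url)
    if base.scheme not in ("http", "https") or not base.netloc:
        raise ValueError("base_url must look like http(s)://<host>:<port>")
    params = []
    if post_logout_url is not None:
        # safe="" also encodes ':', '/', '?', '&' and '=', so the landing
        # page's own query string stays inside the postlogouturl value.
        params.append("postlogouturl=" + quote(post_logout_url, safe=""))
    if state is not None:
        params.append("state=" + quote(str(state), safe=""))
    url = f"{base.scheme}://{base.netloc}{LOGOUT_PATH}"
    return url + ("?" + "&".join(params) if params else "")


def logout_params(logout_url):
    """Decode the query string into the parameters a receiving endpoint would parse."""
    query = urlsplit(logout_url).query
    return {name: values[0] for name, values in parse_qs(query).items()}


BASE = "https://myappgateway.example.com:4443"  # base URL from the page's example
# Constructed landing page that has its own query string.
LANDING_WITH_QUERY = "https://portal.example.com/signed-out?lang=en&src=sso"

if __name__ == "__main__":
    # Reproduces the page's example URL.
    print(build_logout_url(BASE, "http://www.oracle.com", "123"))

    # Encoded: the landing URL survives the round trip intact.
    encoded = build_logout_url(BASE, LANDING_WITH_QUERY, "123")
    print(logout_params(encoded))

    # Not encoded: the landing URL is cut at '&' and 'src' leaks out as a
    # separate parameter of the logout endpoint.
    naive = f"{BASE}{LOGOUT_PATH}?postlogouturl={LANDING_WITH_QUERY}&state=123"
    print(logout_params(naive))
```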
Use Resource Protected by Logout authentication method
You can create a resource in your enterprise application and configure an authentication policy for this resource using Forms+Logout authentication method. When the user accesses this resource, App Gateway invokes the log out process and logs the user out from the single sign-on provided by IAM.
Syntax
http(s)://<appgateway_host>:<appgateway_port>/<logout_resource>
Resource Protected by Logout authentication method
If you created the /myapp/logout resource in your enterprise application, and assigned Forms+Logout as the Authentication Method for this resource in the Authentication Policy section, then when users access the URL https://myappgateway.example.com:4443/myapp/logout, they're logged out from the single sign-on provided by IAM.