About the Author: ProofID

ProofID

Share

TOPICS

The key to the dynamic referrer query parameter solution is extending the logout success velocity template, mainly idp.logout.success.page.template.html. By adding the following JavaScript to the velocity template, the referrer capability will be added. The tag will also be modified to process the referrer upon page loading, mainly modify the tag to be . When the page loading occurs the JavaScript will be processed to look for the referrer value.

  <script>
    function processLogout() {
        var redir = getUrlParameter("redirect");
        if(redir != '') {
            window.location = redir;
        } else {
            document.getElementById("docbody").style.display = "block";
        }
    }
    function getUrlParameter(name) {
        name = name.replace(/[[]/, '\[').replace(/[]]/, '\]');
        var regex = new RegExp('[\?&]' + name + '=([^&#]*)');
        var results = regex.exec(location.search);
        return results === null ? '' : decodeURIComponent(results[1].replace(/+/g, ' '));
    };
  </script>

Once the JavaScript has been added to the velocity template, thetag will need to be modified to process the referrer upon page loading as shown in the code snippet below. A new tag is also needed for the case when no referrer is provided which is an “id” that the JavaScript will then load as the page content.

  <body onload="processLogout()">
    <div class="container" id="docbody" style="display: none;">
    </div>
  </body>
  

With this implementation, the logout capability of the HTML Form IdP Adapter will behave in the following way.

    1. If the logoff page is hit with no query parameters (e.g. /https://sso.company.com/ext/logoff) then:
      • PingFederate SSO cookies will be cleared
      • User will land on the “you have been signed out” page
    2. If the logoff page is hit with query parameters (e.g. https://sso.company.com/ext/logoff?referrer=https://www.google.com) then:
      • PingFederate SSO cookies will be cleared
      • User will be redirected to “referrer” URL parameter (NB: needs to be fully qualified with protocol such as HTTP/S). In the example above the redirect will be to: https://www.google.com.

This adds the flexibility to auto-redirect to other locations upon logoff across applications within a federation. If you have any comments or questions, please contact us!

Be the first to hear about news, product updates, and innovation from proofid