The key to the dynamic referrer query parameter solution is extending the logout success velocity template, mainly idp.logout.success.page.template.html. By adding the following JavaScript to the velocity template, the referrer capability will be added. The tag will also be modified to process the referrer upon page loading, mainly modify the tag to be . When the page loading occurs the JavaScript will be processed to look for the referrer value.

  <script>
    function processLogout() {
        var redir = getUrlParameter("redirect");
        if(redir != '') {
            window.location = redir;
        } else {
            document.getElementById("docbody").style.display = "block";
        }
    }
    function getUrlParameter(name) {
        name = name.replace(/[\[]/, '\\[').replace(/[\]]/, '\\]');
        var regex = new RegExp('[\\?&]' + name + '=([^&#]*)');
        var results = regex.exec(location.search);
        return results === null ? '' : decodeURIComponent(results[1].replace(/\+/g, ' '));
    };
  </script>

Once the JavaScript has been added to the velocity template, thetag will need to be modified to process the referrer upon page loading as shown in the code snippet below. A new tag is also needed for the case when no referrer is provided which is an “id” that the JavaScript will then load as the page content.

  <body onload="processLogout()">
    <div class="container" id="docbody" style="display: none;">
    </div>
  </body>
  

With this implementation, the logout capability of the HTML Form IdP Adapter will behave in the following way.

    1. If the logoff page is hit with no query parameters (e.g. /https://sso.company.com/ext/logoff) then:
      • PingFederate SSO cookies will be cleared
      • User will land on the “you have been signed out” page
    2. If the logoff page is hit with query parameters (e.g. https://sso.company.com/ext/logoff?referrer=https://www.google.com) then:
      • PingFederate SSO cookies will be cleared
      • User will be redirected to “referrer” URL parameter (NB: needs to be fully qualified with protocol such as HTTP/S). In the example above the redirect will be to: https://www.google.com.

This adds the flexibility to auto-redirect to other locations upon logoff across applications within a federation. If you have any comments or questions, please contact us!

 Categories

Latest from twitter

Recommended for you

PingFederate Database Logging for Performance

31st May 2017

Ping Identity
the Challenge of ‘Run’

17th October 2017

Configuring database audit logging on PingFederate with MySQL

8th May 2017

Ping Identity

Ping Identity frees the digital enterprize by providing secure access that enables the right people to access the right things, seamlessly and securely.

Explore Ping Identity

Want to talk to an expert?

Get in touch to find out how we can work together. We’re here to help with any questions.

Request a callback
Email us