During normal logout in Sakai, only the Sakai sessions are cleared. To ensure that the DistAuth cookies are deleted, one must modify the LoginTool.java file in the sakai-2-0-1-src\login\login\src\java\org\sakaiproject\tool\login directory. An additional parameter can be added to the sakai.properties file so that the logout url is correctly referenced.
#1. Modify the complete() method to be the following:

    protected void complete(String returnUrl, Session session, Tool tool,
            HttpServletResponse res, String reply) throws IOException
    {
        // added info by Scott Amerson to include logout url for secureweb

        // cleanup session
        if (session != null)
        {
            session.removeAttribute(Tool.HELPER_MESSAGE);
            session.removeAttribute(Tool.HELPER_DONE_URL);
            session.removeAttribute(ATTR_MSG);
            session.removeAttribute(ATTR_RETURN_URL);
            session.removeAttribute(ATTR_CONTAINER_CHECKED);
        }

        // redirect to the done URL
        // only send user to secureweb on /logout path, not /xlogin or /login
        // (constant-first comparison so a null reply cannot throw)
        if ("logout".equals(reply))
        {
            // if the property is unset, the empty default makes this a plain redirect to returnUrl
            String LogOutURL = ServerConfigurationService.getString("secureweb.logoutURL", "");
            res.sendRedirect(LogOutURL + res.encodeRedirectURL(returnUrl));
        }
        else
        {
            res.sendRedirect(res.encodeRedirectURL(returnUrl));
        }
    }
#2. Add the following secureweb logout url value to the Tomcat/sakai/sakai.properties file:
secureweb.logoutURL=https://secureweb.ucdavis.edu/form-auth/logout?
This logout URL sends the user from Sakai to secureweb, which logs out the DistAuth cookies properly and then redirects the user to the intended URL.
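Because complete() appends the return URL directly to the property value, a missing or malformed secureweb.logoutURL silently leaves the DistAuth cookies in place or produces a broken redirect. The following check is an added example, not part of the original instructions; the function name check_logout_url, the sample files and the rule that the value must be https are assumptions made here.

```shell
#!/bin/sh
# check_logout_url FILE
# Validates secureweb.logoutURL in a sakai.properties file.
# Returns 0 if usable by complete(), 1 if misconfigured, 2 if unreadable.
check_logout_url() {
    props=$1
    [ -r "$props" ] || { echo "cannot read $props"; return 2; }

    # Take the last uncommented assignment; strip a trailing CR from DOS files.
    value=$(sed -n 's/^[[:space:]]*secureweb\.logoutURL[[:space:]]*[=:][[:space:]]*//p' \
            "$props" | tail -n 1 | tr -d '\r')

    if [ -z "$value" ]; then
        # complete() falls back to "", so logout only clears the Sakai session.
        echo "secureweb.logoutURL missing or empty: DistAuth cookies are not cleared"
        return 1
    fi

    case $value in
        https://*) ;;                       # assumption: logout must go over TLS
        *) echo "not an https URL: $value"; return 1 ;;
    esac

    case $value in
        *\?) ;;                             # returnUrl is appended right after '?'
        *) echo "value must end with '?' (no trailing spaces): $value"; return 1 ;;
    esac

    echo "ok: $value"
    return 0
}

# Constructed sample files (not real configuration) to exercise the check.
tmp=$(mktemp -d)
printf 'secureweb.logoutURL=https://secureweb.ucdavis.edu/form-auth/logout?\n' \
    > "$tmp/good.properties"
printf 'secureweb.logoutURL=https://secureweb.ucdavis.edu/form-auth/logout\n' \
    > "$tmp/bad.properties"
check_logout_url "$tmp/good.properties"
check_logout_url "$tmp/bad.properties" || true
rm -rf "$tmp"
```

Run it against Tomcat/sakai/sakai.properties after editing the file and before restarting Tomcat.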