Logout Functionality of SecureWeb in Sakai 2.0+
How do I logout in Sakai so that DistAuth cookies are deleted?
During normal logout in Sakai, only the Sakai session information is cleared. To ensure that the DistAuth cookies are deleted also, one must modify the LoginTool.java file in the sakai-2-0-1-src\login\login\src\java\org\sakaiproject\tool\login directory. An additional parameter can be added to the sakai.properties file so that the logout url is correctly referenced.
Steps involved, for Sakai 2.1.x
1. Apply the BasicConfigurationService patch that Jon G made, located at:
https://mware.ucdavis.edu/svn/ucdsakai/branches/archive/sakai-2-1-x/legacy.diff
to the root of sakai-src, so that the logout functionality will clear the cookies.
**Here are the contents of that patch
Index: legacy/component/src/java/org/sakaiproject/component/framework/config/BasicConfigurationService.java =================================================================== --- legacy/component/src/java/org/sakaiproject/component/framework/config/BasicConfigurationService.java (revision 12171) +++ legacy/component/src/java/org/sakaiproject/component/framework/config/BasicConfigurationService.java (working copy) @@ -28,6 +28,7 @@ import java.io.File; import java.io.FileInputStream; import java.io.InputStream; +import java.text.MessageFormat; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -330,6 +331,9 @@ String rv = (String) m_properties.get("loggedOutUrl"); if (rv != null) { + // Format the server URL into the string at location 0 + rv = MessageFormat.format(rv, new Object[]{getServerUrl()}); + // if not a full URL, add the server to the front if (rv.startsWith("/")) {
2. Have a value in your sakai.properties of:
loggedOutUrl=https://secureweb.ucdavis.edu/form-auth/logout?{0}/portal
This logout url will direct Sakai to secureweb to logout the cookies properly, and redirect the user to the intended url.