mirror of https://github.com/zulip/zulip.git
0bb0220ebb
Closes #20084 This is the flow that this implements: 1. A logged-in user clicks "Logout". 2. If they didn't auth via SAML, just do normal logout. Otherwise: 3. Form a LogoutRequest and redirect the user to https://idp.example.com/slo-endpoint?SAMLRequest=<LogoutRequest here> 4. The IdP validates the LogoutRequest, terminates its own user session and redirects the user to https://thezuliporg.example.com/complete/saml/?SAMLRequest=<LogoutResponse> with the appropriate LogoutResponse. In case of failure, the LogoutResponse is expected to express that. 5. Zulip validates the LogoutResponse and if the response is a success response, it executes the regular Zulip logout and the full flow is finished. |
||
|---|---|---|
| .. | ||
| idp.crt | ||
| logoutrequest.txt | ||
| logoutresponse.txt | ||
| samlresponse.txt | ||
| zulip.crt | ||
| zulip.key | ||