If any of your protected resources have a logout page or button, you need to redirect the user’s logout request to the Access Gateway logout page. The Access Gateway can then clear the user’s session and log the user out of any other resources that have been enabled for single sign-on. If you do not redirect the user’s logout request, the user is logged out of one resource, but the user’s session remains active until inactivity closes the session. If the user accesses the resource again before the session is closed, single sign-on re-authenticates the user to the resource, and it appears that the logout did nothing.
In the Administration Console, click
> > > .In the
section, view the path to the AGLogout page in the option.The Logout URL displays the URL that you need to use for logging users out of protected resources. This option is not displayed until you have created at least one reverse proxy with a proxy service. If you create two or more reverse proxies, you can select which one is used for authentication, and the logout URL changes to match the assigned reverse proxy. For more information on changing the authentication proxy, see Section 17.3.2, Changing the Authentication Proxy Service.
Use this path to redirect application logout requests to this page.
Click
.For backwards compatibility, the Linux Access Gateway currently supports the following logout pages:
/cmd/BM-Logout
/cmd/ICSLogout
These pages have been disabled on the NetWare Access Gateway, and in a future release, will be disabled on the Linux Access Gateway. If you have applications that use these pages for redirecting the user’s logout request, we suggest that you update them to use the AGLogout page. The AGLogout page does a global logout, logging the user out of all resources, Access Gateways, Identity Servers, and service providers.