[IdP Mobile] IdP Mobile Logout problem

[IdP Mobile] IdP Mobile Logout problem

  
Forge Component
(2)
Published on 4 Jul by Telmo Martins
2 votes
Published on 4 Jul by Telmo Martins

Hi,

We have a problem with the IdP Mobile logout. We are running version 10.0.828.0 in the cloud.

With the "logout with InAppBrowser" we get a TOO MANY REDIRECTS error and are not logged out. This problem is encountered when we use the following flow:
Login -> Close the app -> Open the app again -> Logout with InAppBrowser"

In the Saml Message Logs we have an invalid logout error: Root element is missing.The log has no Saml Id, Saml Message and username


We have this problem in our own and in the IdP Mobile Sample application. When we set the "RememberLogin" bool to False this problem is non existent.

I Hope there is a solution to this problem so we can set the RemeberLogin to True.

Thanks in advance,

Ruben

Hi Ruben,

The scenario you describe that want to achieve does not make much sense using IdP mobile. If you are not using OutSystems IdP server, don't forget that from IdP server side, that's an actual browser 'web' session. So if you don't want to remember the login (standard IdP mobile scenario), then you can perform a Single Logout without much problems, which will do a Single logout (browser http call) on idP server as well with in app browser.

From the moment you set RememberLogin as True, close the app and open the app again, you will still be logged in but it will be not possible to perform a Single logout in IdP server, since that session may be ended at the server some time ago and the mobile app cannot track it. So using RememberLogin option with IdP mobile it's a valid scenario, but you can't perform a Single logout. To logout from the app, you just do a standard OutSystems logout without the In app browser.

Regards

PS - the error itself of too many redirects may be some bug on the component, but the scenario you describe should not be used with IdP mobile.


Hi Telmo,

Thanks for the fast reaction. I understand what you mean but with the standard OutSystems logout our problem wasn't resolved. The problem is when the web session is still active we have to do a single logout, otherwise we are logged in again right away (we removed the login button). So the logout worked after a full close of the app but not when we just logged in because the action is still active (which it shouldn't be).

We found out that there is a bug in the InAppBrowserEvents plugin, the clearcache and clearsessioncache options weren't parsed correctly. We fixed this by removing the default True settings from the Options structure. Now the cache is cleared and the web session is always removed after a login, so only the outsystems login is active. That way we can logout succesfully with the OutSystems logout.

Thanks again.