[IdPReact] Issue with Single Logout
Forge component by Telmo Martins
Published on 09 Oct 2020

Using IdPReact v1.0.1 within a Reactive web application, single logout functionality was not working for me. Within the web application, the DoLogout server action was revised first using the IdP module's IdP_SingleLogout_URL action and later the IdPReact module's IdP_Logout action. Neither successfully negotiated a true single logout SAML request to the configured IdP (Azure AD in my case). In each case I was able to return to the application with need to authenticate.

In further triage, I located what may be a possible issue and resolution within the IdPReact module's IdP_Logout server action. The inline DoLogout action there calls the User module's User_Logout action, which clears the session as well as the current UserId. This in turn impacts the subsequent SLO process within IdP/DoSLOLogout/Preparation, which checks if GetUserId() is not null as a condition of assembling the SLO SAML request.

The fix for me was to disable the DoLogout action within the IdPReact module's IdP_Logout action as follows:

Please review to determine if the above fix should be incorporated in an IdPReact module update or otherwise, if mistaken, what is needed to get single logout working within a Reactive web application?
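
A minimal model of the ordering the post describes, as an added example that is not part of the original post and is not IdPReact's code. The `Session` class, the function names and all sample values are hypothetical; the only behaviour taken from the post is that the request is assembled only while a user id is still present.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

class Session:
    """Hypothetical stand-in for the server-side session state."""
    def __init__(self, user_id, name_id, session_index):
        self.user_id = user_id
        self.name_id = name_id              # subject the IdP issued at login
        self.session_index = session_index  # IdP session to terminate

    def clear(self):
        # Models a local logout that wipes the session and the user id.
        self.user_id = self.name_id = self.session_index = None

def build_logout_request(session, issuer, destination):
    """Return SAML LogoutRequest XML, or None when no user id is present
    (models the 'GetUserId() is not null' precondition from the post)."""
    if session.user_id is None:
        return None
    req = ET.Element(f"{{{SAMLP}}}LogoutRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    ET.SubElement(req, f"{{{SAML}}}NameID").text = session.name_id
    ET.SubElement(req, f"{{{SAMLP}}}SessionIndex").text = session.session_index
    return ET.tostring(req, encoding="unicode")

def logout_clear_first(session, issuer, destination):
    # Local logout runs first: nothing is left to build the request from,
    # so the IdP session survives and the user can silently sign back in.
    session.clear()
    return build_logout_request(session, issuer, destination)

def logout_build_first(session, issuer, destination):
    # Assemble the request while the identity is still known, then clear.
    xml = build_logout_request(session, issuer, destination)
    session.clear()
    return xml
```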