Comment 5 for bug 451336

Stuart Metcalfe (stuartmetcalfe) wrote : Re: Need to redirect back to the consumer after logout

Here's a first proposal for discussion. This should be compatible with the planned logout broadcast functionality.

Action path: /+logout

Required query string params:

 * return_to=<URL>. If <URL> doesn't exactly match a known trust root (with
    auto-redirect enabled - this is how we're defining full SSO sites) or the
    user hasn't actually logged in to the requesting site within the defined
    session period (see below), the user will see the same result as if the
    params weren't passed (currently that they are logged out but will stay on
    the SSO site and are notified of the logout). If HTTP_REFERER is sent by
    the browser, its hostname must also match <URL>'s hostname. The return will
    not fail if HTTP_REFERER is undefined, it's just an extra check if
    available.
 * user=<uid> (This is the last segment of the user's OpenID URL, e.g. 1a2B3c4
    from https://login.ubuntu.com/+id/1a2B3c4). If <uid> doesn't match the
    current SSO session user, the following message will be displayed:
    "<sitename> is attempting to log you out of your session but this isn't the
    account you used to log in. You may be logged in to other sites which we
    can't notify you about. Continue or cancel". 'Continue' continues with the
    workflow below, but for the current SSO user. 'Cancel' redirects the user
    to the SSO main account page without logging them out of SSO. The
    message "Logout cancelled" is displayed to the user.

Logout behaviour for valid requests:

Assumptions:

 * trusted sites can have long sessions. let's say up to 365 days.
 * non-trusted sites have a shorter session lifetime of up to 30 days.

(both session lifetime values should be globally configurable on SSO)

Assume the user isn't logged in to other sites if they:

 * have only logged into the requesting site (and no other trusted sites) within
    the defined session duration for trusted sites.
 * haven't logged in to a non-trusted site within the defined duration for
    non-trusted sites.

The user is immediately logged out of SSO.

If the user isn't logged in to other sites, they are redirected back to the
specified return URL.

If the user is logged in to other sites, the following content is displayed """

You have been logged out of <sitename>. You may also need to log out of these
sites which you've used recently:

 * <sitename/URL>

Return to <sitename> (link to return_to)
"""

<sitename/URL> is a list of all sites (trusted and non-trusted) accessed within
the defined session durations, sorted by date order (most recent first), except
for the requesting site. Trusted sites display the printable name. Non-trusted
sites display the trust root. Both are links to the trust root which opens in a
new window/tab.
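The return_to validation, uid check, and "other sites" computation proposed in this comment, written out as an added example that is not part of the original comment nor of the Ubuntu SSO code. The trust-root registry, login timestamps, reference time, and all function names are constructed assumptions for illustration; the session windows are the 365/30-day values from the comment.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed trust-root registry (hypothetical, not real SSO configuration).
# A site is "trusted" (a full SSO site) when its trust root has auto-redirect
# enabled; only those are acceptable return_to targets.
TRUST_ROOTS = {
    "https://trusted.example/": {"name": "Trusted Example", "auto_redirect": True},
    "https://other.example/": {"name": "Other Example", "auto_redirect": True},
    "https://old.example/": {"name": "Old Example", "auto_redirect": True},
    "https://blog.example/": {"name": "Blog", "auto_redirect": False},
}

# Session lifetimes from the proposal (globally configurable in the real system).
TRUSTED_SESSION = timedelta(days=365)
NONTRUSTED_SESSION = timedelta(days=30)

# Constructed reference time and per-site last-login records for one user.
NOW = datetime(2009, 10, 20, 12, 0, 0)
LOGINS = {
    "https://trusted.example/": NOW - timedelta(days=1),    # requesting site
    "https://other.example/": NOW - timedelta(days=5),      # trusted, in window
    "https://old.example/": NOW - timedelta(days=400),      # trusted, expired
    "https://blog.example/": NOW - timedelta(days=10),      # non-trusted, in window
    "https://rp.example/": NOW - timedelta(days=45),        # non-trusted, expired
}
LOGINS_ONLY_REQUESTING = {"https://trusted.example/": NOW - timedelta(days=1)}
SESSION_OPENID = "https://login.ubuntu.com/+id/1a2B3c4"  # current SSO user


def is_trusted(root):
    site = TRUST_ROOTS.get(root)
    return site is not None and site["auto_redirect"]


def validate_return_to(return_to, referer, logins, now):
    """True only if return_to is safe to redirect to under the proposal."""
    # Exact string match against the registry. A prefix or substring match
    # would turn +logout into an open redirect.
    if not is_trusted(return_to):
        return False
    # The user must actually have logged in to that site within the trusted window.
    last_login = logins.get(return_to)
    if last_login is None or now - last_login > TRUSTED_SESSION:
        return False
    # HTTP_REFERER is an extra check only when present: absent is fine,
    # a mismatched hostname is not.
    if referer is not None and urlsplit(referer).hostname != urlsplit(return_to).hostname:
        return False
    return True


def uid_matches(uid, session_openid):
    """uid is the last path segment of the user's OpenID URL."""
    return session_openid.rstrip("/").rsplit("/", 1)[-1] == uid


def other_sites(return_to, logins, now):
    """Sites other than the requesting one accessed within their session window,
    most recent first. Trusted sites are labelled by printable name, non-trusted
    sites by trust root; the root is returned alongside for the link target."""
    rows = []
    for root, last_login in logins.items():
        if root == return_to:
            continue
        trusted = is_trusted(root)
        window = TRUSTED_SESSION if trusted else NONTRUSTED_SESSION
        if now - last_login <= window:
            label = TRUST_ROOTS[root]["name"] if trusted else root
            rows.append((last_login, label, root))
    rows.sort(key=lambda row: row[0], reverse=True)
    return [(label, root) for _, label, root in rows]


def logout(return_to, referer, uid, session_openid, logins, now, confirmed=False):
    """Decide the +logout outcome. 'logged_out' records whether the SSO session
    is terminated; only the 'confirm' prompt leaves it intact."""
    if not validate_return_to(return_to, referer, logins, now):
        # Same result as if no params were passed: logged out, stays on SSO.
        return {"action": "stay", "payload": None, "logged_out": True}
    if not confirmed and not uid_matches(uid, session_openid):
        sitename = TRUST_ROOTS[return_to]["name"]
        message = (f"{sitename} is attempting to log you out of your session but "
                   "this isn't the account you used to log in. You may be logged "
                   "in to other sites which we can't notify you about. Continue or cancel")
        return {"action": "confirm", "payload": message, "logged_out": False}
    remaining = other_sites(return_to, logins, now)
    if not remaining:
        return {"action": "redirect", "payload": return_to, "logged_out": True}
    return {"action": "notify", "payload": remaining, "logged_out": True}


if __name__ == "__main__":
    print(logout("https://trusted.example/", None, "1a2B3c4", SESSION_OPENID, LOGINS, NOW))
```

The exact-match lookup and the referer hostname comparison are the two places where a looser implementation would let an arbitrary site bounce a freshly logged-out user to a URL of its choosing; keeping the registry lookup exact and the referer check hostname-to-hostname is what makes the redirect safe.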