Modifying SeaHub logout URL to do a full logout in our SSO implementation

diegosb · July 30, 2021, 8:26am

Hi Everyone,

Our Single Sign-On implementation is using AWS Cognito. Everything works perfectly but, since the logout button in SeaHub is doing a logout only of the SeaHub session (not the Cognito session), when the user wants to use SSO again with maybe a different user it is not possible because the Cognito session is still open and the user is automatically logged in with the same user as before.

So currently the logout button points to {seahub_domain}/accounts/logout/ and we would need to modify this to point to:
https://{AWS_Cognito_domain}/logout?
client_id={client_id}&logout_uri={seahub_domain}/accounts/logout/

Is there any way to modify the logout URL? we are using the Docker option to deploy Seafile.
Thank you in advance.

nico525 · July 30, 2021, 6:28pm

Do you need the Seafile logout? If not, you may just add a redirect directive into the nginx config to direct to the logout url of cognito

lian · August 3, 2021, 5:01am

Hello.

You can add this setting in conf/seahub_settings.py

# Since 8.0.6 CE/PRO version.
# Url redirected to after user logout Seafile.
# Usually configured as Single Logout url.
LOGOUT_REDIRECT_URL = 'http{s}://www.example-url.com'

diegosb · August 3, 2021, 12:40pm

Thank you both! I added the LOGOUT_REDIRECT_URL setting and it worked perfectly.