Hello,
I’m encountering an issue with the logout process in Open OnDemand where, after logging out, the session appears to end as expected. However, when I re-enter the URL, I am not prompted to log in again; it seems the session is still active and recognizes me, bypassing the need for re-authentication. This issue is peculiar to Open OnDemand in our setup, as other services utilizing the same SSO (Single Sign-On) implementation do not exhibit this problem, leading me to believe the issue might lie with Open OnDemand’s handling of the logout process rather than the SSO itself.
Here’s a summary of my SSO configuration for Open OnDemand
:
auth:
- “AuthType openid-connect”
- “Require valid-user”
logout_redirect: “https://sso.e-science.pl/auth/realms/e-science.pl/protocol/openid-connect/logout”
user_map_cmd: “/opt/ood/ood_auth_map/bin/ood_auth_map.sh”
oidc_uri: “/oidc”
oidc_provider_metadata_url: “https://sso.e-science.pl/auth/realms/e-science.pl/.well-known/openid-configuration”
oidc_client_id: “openondemand”
oidc_client_secret: ***************
oidc_scope: “openid email”
oidc_session_inactivity_timeout: 28800
oidc_session_max_duration: 28800
oidc_state_max_number_of_cookies: “10 true”
oidc_settings:
OIDCPassIDTokenAs: “serialized”
OIDCPassRefreshToken: “On”
OIDCPassClaimsAs: “environment”
OIDCStripCookies: “mod_auth_openidc_session mod_auth_openidc_session_chunks mod_auth_openidc_session_0 mod_auth_openidc_session_1”
OIDCResponseType: “code”
I am using Open OnDemand version 3.0.3, and this issue occurs across all web browsers, including Chrome, Firefox, and Edge, and persists even when using private or incognito modes.
Has anyone experienced a similar issue, or does anyone have insights on potential configuration adjustments that might resolve this persistent session problem? Any guidance or suggestions would be greatly appreciated.