Open
Labels: enhancement
Description
Currently, Structurizr On-Premises does not support logging out when using SSO authentication with SAML2. The existing logout mechanism only works for file-based and basic authentication. This issue proposes implementing a logout mechanism compatible with SAML2 authentication via Keycloak.
Proposed Changes
- Modify the logout link so that when Structurizr is configured with SAML2, it properly points to the /logout endpoint instead of the default logout route.
- Ensure that the authentication type is correctly loaded from the structurizr.properties file, making it available at runtime.
- Implement proper logout handling in Spring Security, allowing /logout to trigger a session termination mechanism suitable for SAML2 authentication.
- Create a custom logout handler to clear session cookies and redirect the user to the Keycloak logout endpoint, ensuring session invalidation.
- Introduce a new configuration property to specify the Keycloak logout redirect URL.
Expected Outcome
- Structurizr On-Premises should correctly handle SAML2-based logouts, ensuring that user sessions are fully terminated in Keycloak.
- Users should be redirected correctly after logout, preventing lingering active sessions in the SSO system.
- If required, I can provide the modified code for review and verification. Let me know if you need further details!
Priority
Low (I have no budget and there's no rush, please add this feature for free)
More information
No response
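
One way the custom logout handling proposed above could look, as an added example that is not Structurizr's code and not the issue author's modified code. It assumes Spring Security 6 with `jakarta.servlet`, the servlet container's default `JSESSIONID` session cookie, and a hypothetical class name; the redirect URL is passed in by whatever code reads the new configuration property.

```java
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.net.URI;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

// Hypothetical class name; illustrates the handler described in the proposal.
public class ConfiguredRedirectLogoutSuccessHandler implements LogoutSuccessHandler {

    private final String logoutRedirectUrl;

    // The URL comes from server-side configuration only and is validated once,
    // at startup, so a bad value fails fast instead of at the first logout.
    public ConfiguredRedirectLogoutSuccessHandler(String logoutRedirectUrl) {
        URI uri = URI.create(logoutRedirectUrl); // throws on malformed input
        String scheme = uri.getScheme();
        boolean web = "https".equalsIgnoreCase(scheme) || "http".equalsIgnoreCase(scheme);
        if (!web || uri.getHost() == null) {
            throw new IllegalArgumentException("logout redirect must be an absolute http(s) URL");
        }
        this.logoutRedirectUrl = uri.toString();
    }

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
                                Authentication authentication) throws IOException {
        // Terminate the local session and drop the security context.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        SecurityContextHolder.clearContext();

        // Expire the session cookie in the browser (cookie name is an assumption).
        Cookie cookie = new Cookie("JSESSIONID", "");
        String contextPath = request.getContextPath();
        cookie.setPath(contextPath.isEmpty() ? "/" : contextPath);
        cookie.setMaxAge(0);
        cookie.setHttpOnly(true);
        cookie.setSecure(request.isSecure());
        response.addCookie(cookie);

        // Fixed target: no request parameter influences it, so the logout
        // endpoint cannot be turned into an open redirect.
        response.sendRedirect(logoutRedirectUrl);
    }
}
```

It would be registered with `http.logout(l -> l.logoutUrl("/logout").logoutSuccessHandler(handler))`. A plain redirect ends the local session; whether the Keycloak session also ends depends on what the configured URL does on the Keycloak side.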