Merge pull request #3592 from SanojPunchihewa/4.5.x

Invalidate Session during a SAML2 based SSO logout
wso2 · Jun 20, 2023 · a56eb87 · a56eb87
2 parents 7af0d87 + e284a96
commit a56eb87
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/CarbonUILoginUtil.java b/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/CarbonUILoginUtil.java
@@ -338,6 +338,15 @@ protected static boolean handleLogout(CarbonUIAuthenticator authenticator,
         // This condition is evaluated when users are logged out in SAML2 based SSO
         if (request.getAttribute("logoutRequest") != null) {
         	log.debug("Loging out from SSO session");
+
+	    try {
+                invalidateSession(session);
+            } catch (Exception ignored) {
+                // Ignore exception when invalidating and invalidated session
+                if (log.isDebugEnabled()) {
+                    log.debug("Error in invalidating frontend session ", ignored);
+                }
+            }
             response.sendRedirect(contextPath + "/carbon/sso-acs/redirect_ajaxprocessor.jsp?logout=true");
             return false;
         }