kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Implemented universal logout

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-07-22 13:14:06 +02:00
parent 22ff2dc1f3
commit 4b9e7dd3b7
70 changed files with 522 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
roles/web-svc-logout/README.md Normal file
View File

@@ -0,0 +1,35 @@
# web-svc-logout
This folder contains an Ansible role to deploy and configure the **Universal Logout Service**.
## Description
This role sets up the universal logout proxy service, a Dockerized Python Flask container that coordinates logout requests across multiple OIDC-integrated applications. It also configures the necessary Nginx proxy snippets and environment variables to enable unified logout flows.
It solves the common challenge of logging a user out from all connected apps with a single action, especially in environments where apps live on multiple subdomains and use OIDC authentication.
## Overview
- Deploys the universal logout service container based on the official [universal-logout GitHub repository](https://github.com/kevinveenbirkenbach/universal-logout).
- Configures the logout domains dynamically based on application inventory and features using custom Ansible filters.
- Provides an Nginx `/logout` proxy configuration snippet that handles CORS and forwards logout requests to the logout service.
- Supplies a user-friendly logout conductor UI that requests logout on all configured domains and shows live status.
- Designed to be used as the Front Channel Logout URL for Keycloak or other OpenID Connect providers, enabling a seamless, service-spanning logout experience.
## Features
- Automatic discovery of logout domains from applications with the `features.universal_logout` flag enabled.
- Centralized logout proxy that clears cookies and sessions across all configured subdomains.
- Status page with live feedback on logout progress for each domain.
- Built-in support for Docker Compose deployment and integration with the CyMaIS ecosystem.
- Includes security-conscious headers (CORS, CSP) for smooth cross-domain logout operations.
## Further Resources
- [Universal Logout GitHub Repository](https://github.com/kevinveenbirkenbach/universal-logout)
- [CyMaIS Project](https://cymais.cloud)
- [Author: Kevin Veen-Birkenbach](https://veen.world)
---
*This role is licensed under the [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl).*