mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git, synced 2025-11-04 04:08:15 +00:00

	- Normalize domain blocks across apps:
  - Add explicit 'aliases: []' everywhere (no implicit aliases)
  - Standardize canonical subdomains for consistency:
    * Bluesky: web/api under *.bluesky.<PRIMARY_DOMAIN>
    * EspoCRM: espo.crm.<PRIMARY_DOMAIN>
    * Gitea:   tea.git.<PRIMARY_DOMAIN>
    * GitLab:  lab.git.<PRIMARY_DOMAIN>
    * Joomla:  joomla.cms.<PRIMARY_DOMAIN>
    * Magento: magento.shop.<PRIMARY_DOMAIN>
    * OpenProject: open.project.<PRIMARY_DOMAIN>
    * Pretix:  ticket.shop.<PRIMARY_DOMAIN>
    * Taiga:   kanban.project.<PRIMARY_DOMAIN>
  - Remove legacy/duplicate aliases and use empty list instead
  - Fix 'alias' -> 'aliases' where applicable
Context: preparing for AUTO_BUILD_ALIASES=False and deterministic redirect mapping.
Ref: conversation https://chatgpt.com/share/68cd512c-c878-800f-bdf2-81737adf7e0e
		
	
web-svc-logout
This folder contains an Ansible role to deploy and configure the Universal Logout Service.
Description
This role sets up the universal logout proxy service, a Dockerized Python Flask container that coordinates logout requests across multiple OIDC-integrated applications. It also configures the necessary Nginx proxy snippets and environment variables to enable unified logout flows.
It solves the common challenge of logging a user out from all connected apps with a single action, especially in environments where apps live on multiple subdomains and use OIDC authentication.
Overview
- Deploys the universal logout service container based on the official universal-logout GitHub repository.
- Configures the logout domains dynamically based on application inventory and features using custom Ansible filters.
- Provides an Nginx `/logout` proxy configuration snippet that handles CORS and forwards logout requests to the logout service.
- Supplies a user-friendly logout conductor UI that requests logout on all configured domains and shows live status.
- Designed to be used as the Front Channel Logout URL for Keycloak or other OpenID Connect providers, enabling a seamless, service-spanning logout experience.
 
Features
- Automatic discovery of logout domains from applications with the `features.logout` flag enabled.
- Centralized logout proxy that clears cookies and sessions across all configured subdomains.
- Status page with live feedback on logout progress for each domain.
- Built-in support for Docker Compose deployment and integration with the Infinito.Nexus ecosystem.
- Includes security-conscious headers (CORS, CSP) for smooth cross-domain logout operations.
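
The automatic discovery of logout domains described above, together with an exact-match Origin check that a CORS-handling proxy could build from the result, as an added Python example. It is not the role's own filter code: the inventory layout, the `example.org` hosts, the application ids and the names `logout_domains` and `origin_allowed` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed inventory. The layout (features.logout, domains.canonical/aliases)
# and the application ids are assumptions modelled on the names used on this page.
SAMPLE_APPLICATIONS = {
    "web-app-gitea": {"features": {"logout": True},
                      "domains": {"canonical": ["tea.git.example.org"], "aliases": []}},
    "web-app-bluesky": {"features": {"logout": True},
                        "domains": {"canonical": {"web": "web.bluesky.example.org",
                                                  "api": "api.bluesky.example.org"},
                                    "aliases": []}},
    "web-app-pretix": {"features": {"logout": False},
                       "domains": {"canonical": ["ticket.shop.example.org"], "aliases": []}},
    "web-app-legacy": {"features": {}, "domains": {"canonical": "old.example.org"}},
}

def _flatten(value):
    """Yield host names from a string, a list or a dict of domains."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        yield from _flatten(list(value.values()))
    elif isinstance(value, (list, tuple)):
        for item in value:
            yield from _flatten(item)

def logout_domains(applications):
    """Return the sorted, de-duplicated domains of apps with features.logout enabled."""
    found = set()
    for config in applications.values():
        if config.get("features", {}).get("logout") is not True:
            continue  # opt-in only: a missing or false flag keeps the app out
        domains = config.get("domains", {})
        for key in ("canonical", "aliases"):
            found.update(d.lower().rstrip(".") for d in _flatten(domains.get(key, [])))
    return sorted(found)

def origin_allowed(origin, domains):
    """Exact-match an Origin header value against the discovered domains (https only)."""
    parts = urlsplit(origin or "")
    if parts.scheme != "https" or parts.path or parts.query or parts.fragment:
        return False
    try:
        if parts.port not in (None, 443) or parts.username or parts.password:
            return False
    except ValueError:  # malformed port in the header value
        return False
    return (parts.hostname or "") in set(domains)
```

Matching the parsed host name exactly, rather than by suffix or substring, keeps look-alike hosts such as `tea.git.example.org.evil.test` out of the allowlist.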
 
Further Resources
This role is licensed under the Infinito.Nexus NonCommercial License.