kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-30 07:18:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d96bfc64a6e8c6ef4332e124ddf212042770e946
computer-playbook/roles/web-svc-logout
History
Kevin Veen-Birkenbach 6ea8301364 Refactor: migrate cmp/* and srv/* roles into sys-stk/* and sys-svc/* namespaces 
- Removed obsolete 'cmp' category, introduced 'stk' category (fa-bars-staggered icon).
- Renamed roles:
  * cmp-db-docker → sys-stk-back-stateful
  * cmp-docker-oauth2 → sys-stk-back-stateless
  * srv-domain-provision → sys-stk-front
  * cmp-db-docker-proxy → sys-stk-full-stateful
  * cmp-docker-proxy → sys-stk-full-stateless
  * cmp-rdbms → sys-svc-rdbms
- Updated all include_role references, vars, templates and README.md files.
- Adjusted run_once comments and variable paths accordingly.
- Updated all web-app roles to use new sys-stk/* and sys-svc/* roles.

Conversation: https://chatgpt.com/share/68b0ba66-09f8-800f-86fc-76c47009d431
2025-08-28 22:23:09 +02:00
..
config
replaced port-ui-desktop with desktop to make it more speakable
2025-08-14 11:45:08 +02:00
filter_plugins
Restructured server config
2025-08-07 11:31:06 +02:00
meta
Replaced .infinito.service and .infinito.timer by SOFTWARE_NAME suffix, optimized LICENSE link and update OIDC Realm and ID conf
2025-08-14 14:39:18 +02:00
tasks
Refactor: migrate cmp/* and srv/* roles into sys-stk/* and sys-svc/* namespaces
2025-08-28 22:23:09 +02:00
templates
Refactor docker-compose build logic and pull policy
2025-08-28 11:25:35 +02:00
vars
Optimized CSP check
2025-08-07 09:33:19 +02:00
__init__.py
Implemented universal logout
2025-07-22 13:14:06 +02:00
README.md
Replaced .infinito.service and .infinito.timer by SOFTWARE_NAME suffix, optimized LICENSE link and update OIDC Realm and ID conf
2025-08-14 14:39:18 +02:00
Todo.md
Implemented universal logout
2025-07-22 13:14:06 +02:00

README.md

web-svc-logout

This folder contains an Ansible role to deploy and configure the Universal Logout Service.

Description

This role sets up the universal logout proxy service, a Dockerized Python Flask container that coordinates logout requests across multiple OIDC-integrated applications. It also configures the necessary Nginx proxy snippets and environment variables to enable unified logout flows.

It solves the common challenge of logging a user out from all connected apps with a single action, especially in environments where apps live on multiple subdomains and use OIDC authentication.

Overview

  • Deploys the universal logout service container based on the official universal-logout GitHub repository.
  • Configures the logout domains dynamically based on application inventory and features using custom Ansible filters.
  • Provides an Nginx /logout proxy configuration snippet that handles CORS and forwards logout requests to the logout service.
  • Supplies a user-friendly logout conductor UI that requests logout on all configured domains and shows live status.
  • Designed to be used as the Front Channel Logout URL for Keycloak or other OpenID Connect providers, enabling a seamless, service-spanning logout experience.

Features

  • Automatic discovery of logout domains from applications with the features.logout flag enabled.
  • Centralized logout proxy that clears cookies and sessions across all configured subdomains.
  • Status page with live feedback on logout progress for each domain.
  • Built-in support for Docker Compose deployment and integration with the Infinito.Nexus ecosystem.
  • Includes security-conscious headers (CORS, CSP) for smooth cross-domain logout operations.

Further Resources

This role is licensed under the Infinito.Nexus NonCommercial License.