Used documentation
| Cookbook/ materials | Version | Location |
|---|---|---|
| Identity & Authorization Management (I.AM) - Overview | 1.0 | https://www.ehealth.fgov.be/ehealthplatform/file/view/c87f7d093e56ff1054c73d6aae09e0bb?filename=ehealth_i.am_-_overv |
| Technical specifications Identity & Authorization Management (I.AM)- Logout | 1.0 | https://www.ehealth.fgov.be/ehealthplatform/file/view/8f9881c65700081363c8922c5e7928da?filename=ehealth_i.am_-_logout |
| Cookbook Identity & Authorization Management (I.AM) - SP Shibboleth | 1.0 | https://www.ehealth.fgov.be/ehealthplatform/file/view/9eae84bee7bf8370f12841558ed2308a?filename=ehealth_i.am_-_sp_shibboleth_v1.0.pdf |
| NativeSPServiceLogout wiki page | old version (2010) | https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceLogout |
| NativeSPSingleLogoutService wiki page | 2018 | https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSingleLogoutService |
| NativeSPLogoutInitiator wiki page | 2018 | https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLogoutInitiator |
General information
The global logout will disconnect the user from the active application and the IDP. We need the last version of the IDP to support the global logout
In order to do a global logout in the mobile application, the user should do it via the following possibilities:
- By pressing a button integrating the URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI} and the URL_global_logout: https://www.ehealth.fgov.be/idp/profile/Logout to logout from the AS and the IDP respectively.
- By closing the mobile application (i.e. the active session will be automatically closed).
Basic flow
| Flow | Specification | ||
|---|---|---|---|
| Use case ID | ATH-UC-09-BF | |
Use case name | Global logout of a user from the mobile application | ||
Actors |
| ||
Short Description | This use case denotes the basic flow of the global logout use case. Indeed, it consists on the disconnection from the authorization server (called also the IAM connect) and the IDP.
| ||
| Priority | 1 (High) Must have: The system must implement this goal/ assumption to be accepted. | ||
Pre-Conditions |
| ||
Post-Conditions |
| ||
Steps (basic flow) | 0 | The user accesses to the WebSSO based mobile application interface to logout | |
1 | The user presses the logout button to disconnect him/herself from the application. A popup appears to ask him/her if he/she wants to do global logout. | ||
| 2 | The user accepts to do a global logout and the application sends the logout request to:
| ||
3 |
| ||
6 | The user is logged out from the mobile application and the IDP. | ||
Exceptions (exception flows) | |||
Frequency |
| ||
Alternative flow 1
| Flow | Specification | ||
|---|---|---|---|
| Use case ID | ATH-UC-09-AF-01 | |
Use case name | Global logout of a user by exiting the mobile application | ||
Actors |
| ||
Short Description | This use case denotes the alternative flow of the global logout use case. Indeed, it consists on the automatic global logout when the user exits the mobile application without logging out properly. It may an expected or unexpected exit. | ||
| Priority | 1 (High) Must have: The system must implement this goal/ assumption to be accepted. | ||
Pre-Conditions |
| ||
Post-Conditions |
| ||
Steps (basic flow) | 0 | The user exits the mobile application without doing a logout properly | |
1 | The client detects that the client is disconnected and asks:
| ||
2 |
| ||
| 3 | The client receive the logout responses of the AS and IDP | ||
Exceptions (exception flows) | |||
Frequency |
| ||
