Page History

Table of Contents

Used documentation

Cookbook/ materials	Version	Location
Identity & Authorization Management (I.AM) - Overview	1.0	https://www.ehealth.fgov.be/ehealthplatform/file/view/c87f7d093e56ff1054c73d6aae09e0bb?filename=ehealth_i.am_-_overv
Technical specifications Identity & Authorization Management (I.AM)- Logout	1.0	https://www.ehealth.fgov.be/ehealthplatform/file/view/8f9881c65700081363c8922c5e7928da?filename=ehealth_i.am_-_logout
Cookbook Identity & Authorization Management (I.AM) - SP Shibboleth	1.0	https://www.ehealth.fgov.be/ehealthplatform/file/view/9eae84bee7bf8370f12841558ed2308a?filename=ehealth_i.am_-_sp_shibboleth_v1.0.pdf
NativeSPServiceLogout wiki page	old version (2010)	https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceLogout
NativeSPSingleLogoutService wiki page	2018	https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSingleLogoutService
NativeSPLogoutInitiator wiki page	2018	https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLogoutInitiator

Issue 14 in JIRA -

http://jira.ivlab.ilabt.imec.be/projects/MHEH/issues/MHEH-14

General information

The global logout will disconnect the user from the active application and the IDP. We need the last version of the IDP to support the global logout

In order to do a local logout global logout in the mobile application, the user should do it via the following possibilities:

By pressing a button integrating the URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI} and the URL_global_logout: https://www.ehealth.fgov.be/idp/profile/Logout to logout from the AS and the IDP respectively.
By closing the mobile application (i.e. the active session will be automatically closed). It is noteworthy that this case is not very recommended. The user should logout properly by sending his/her logout request via the URL_local_logout.

Basic flow

Flow	Specification
Image Modified	Use case ID	ATH-UC-09-BF
	Use case name	Global logout of a user from the mobile application
	Actors	Citizen Healthcare giver Representative of an institution
	Short Description	This use case denotes the basic flow of the global logout use case. Indeed, it consists on the disconnection from the authorization server (called also the IAM connect) and the IDP. To logout eHealth I.AM Connect via OpenID, the logout request should sent via the following URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI}. To logout eHealth I.AM IDP, the logout request should sent via the following URL_global_logout: https://www.ehealth.fgov.be/idp/profile/Logout
	Priority	1 (High) Must have: The system must implement this goal/ assumption to be accepted.
	Pre-Conditions	The user is authenticated in the mobile application The URL_local_logout The URL_global_logout
	Post-Conditions	The user is globally logged out
	Steps (basic flow)	0	The user accesses to the WebSSO based mobile application interface to logout
		1	The user presses the logout button to disconnect him/herself from the application. A popup appears to ask him/her if he/she wants to do global logout.
		2	The user accepts to do a global logout and the application sends the logout request to

the SP.

3

The SP receives the logout request and asks

:

the AS to end the active session via the URL_local_logout
the IDP to do a logout via the URL_global_logout

4

3

The AS ends the active session and notifies the

SP

client
The IDP logs out and sends a notification to the

SP

5

When the SP receives the notification from the AS and the IDP, it sends the response to the user

client
	6	The user is logged out from the mobile application and the IDP.
Exceptions (exception flows)
Frequency	Every time the user needs to logout from the application and the IDP

Alternative flow 1

Flow	Specification
Image Added	Use case ID	ATH-UC-09-AF-01
	Use case name

Local

Global logout of a user by

closing

exiting the mobile application
Actors	Citizen Healthcare giver Representative of an institution
Short Description	This use case denotes the

basic

alternative flow of the

local

global logout use case. Indeed, it consists on the

disconnection from the authorization server (called also the IAM connect). To logout eHealth I.AM Connect via OpenID, the logout request should sent via the following URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI}.

automatic global logout when the user exits the mobile application without logging out properly. It may an expected or unexpected exit.
Priority	1 (High) Must have: The system must implement this goal/ assumption to be accepted.
Pre-Conditions	The user is authenticated in the mobile application The URL_local_logout The URL_global_logout
Post-Conditions	The user is

locally

globally logged out
Steps (basic flow)	0	The user

accesses to

exits the

WebSSO based

mobile application

interface to locally logout

2

The SP receives the logout request and asks

without doing a logout properly
	1	The

user presses the logout button to disconnect him/herself from the SP

client detects that the client is disconnected and asks:

the AS to end the active session via the URL_local_logout
the IDP to do a logout via the URL_global_logout

3

2

The AS ends the active session and notifies the

SP4

client
The

SP sends the response

IDP logs out and sends a notification to the

user

client

5

3

The

user is logged out from the mobil application

client receive the logout responses of the AS and IDP
Exceptions (exception flows)
Frequency	Every time the user

needs to locally logout from

exits the mobile application without logging out

Page tree

Versions Compared

Old Version 4

New Version Current

Key

Used documentation

General information

Basic flow

Alternative flow 1