Page History

...

Cookbook/ materials	Version	Location
Identity & Authorization Management (I.AM) - Overview	1.0	https://www.ehealth.fgov.be/ehealthplatform/file/view/c87f7d093e56ff1054c73d6aae09e0bb?filename=ehealth_i.am_-_overv
Technical specifications Identity & Authorization Management (I.AM)- Logout	1.0	https://www.ehealth.fgov.be/ehealthplatform/file/view/8f9881c65700081363c8922c5e7928da?filename=ehealth_i.am_-_logout
Cookbook Identity & Authorization Management (I.AM) - SP Shibboleth	1.0	https://www.ehealth.fgov.be/ehealthplatform/file/view/9eae84bee7bf8370f12841558ed2308a?filename=ehealth_i.am_-_sp_shibboleth_v1.0.pdf
NativeSPServiceLogout wiki page	old version (2010)	https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceLogout
NativeSPSingleLogoutService wiki page	2018	https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSingleLogoutService
NativeSPLogoutInitiator wiki page	2018	https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLogoutInitiator
Issue 14 in JIRA	-	http://jira.ivlab.ilabt.imec.be/projects/MHEH/issues/MHEH-14

General information

The IDP has itself a Logout link to end its own session properly.

Logout in an application and the IDP can be combined if needed but should be done with care as this actually breaks SSO.

logout by :

3 types of logout:

local logout will disconnect the user only from the active application. He/she will still authenticated to the IDP.

In order to do a local logout in the mobile application, the user should do it via the following possibilities:

By pressing a button integrating the URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI}.
By closing the mobile application (i.e. the active session will be closed). It is noteworthy that this case is not very recommended. The user should logout properly by sending his/her logout request via the URL_local_logout.

Flow	Specification
Image Added	Use case ID	ATH-UC-08-BF
	Use case name	Local logout of a user from the mobile application via URL_local_logout
	Actors	Citizen Healthcare giver Representative of an institution
	Short Description	This use case denotes the basic flow of the local logout use case. Indeed, it consists on the disconnection from the authorization server (called also the IAM connect). To logout eHealth I.AM Connect via OpenID, the logout request should sent via the following URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI}.
	Priority	1 (High) Must have: The system must implement this goal/ assumption to be accepted.
	Pre-Conditions	The user is authenticated in the mobile application The URL_local_logout
	Post-Conditions	The user is locally logged out
	Steps (basic flow)	0	The user accesses to the WebSSO based mobile application interface to locally logout
		1	The user presses the logout button to disconnect him/herself from the SP
		2	The SP receives the logout request and asks the AS to end the active session via the URL_local_logout
		3	The AS ends the active session and notifies the SP
		4	The SP sends the response to the user
		5	The user is logged out from the mobil application
	Exceptions (exception flows)
	Frequency	Every time the user needs to locally logout from the application

Flow	Specification

FlowSpecification

Image Removed


	Use case ID	ATH-UC-08-

BF

AF-01
Use case name	Local logout of a user

from the mobile

by closing the mobile application
Actors	Citizen Healthcare giver Representative of an institution
Short Description	This use case denotes the basic flow of the local logout use case. Indeed, it consists on the disconnection from the authorization server (called also the IAM connect). To logout eHealth I.AM Connect via OpenID, the logout request should sent via the following URL_local_logout: https://api.ehealth.fgov.be/auth/realms/{REGISTERED_REALM}/protocol/openid-connect/logout?redirect_uri={REGISTERED_APP_REDIRECT_URI}.
Priority	1 (High) Must have: The system must implement this goal/ assumption to be accepted.
Pre-Conditions	The user is authenticated in the mobile application The URL_local_logout
Post-Conditions	The user is locally logged out
Steps (basic flow)	0	The user accesses to the WebSSO based mobile application interface to locally logout
	1	The user presses the logout button to disconnect him/herself from the

SP

SP
	2	The SP receives the logout request and asks the AS to end the active

session

session via the URL_local_logout
	3	The AS ends the active session and notifies the SP
	4	The SP sends the response to the user
	5	The user is logged out from the mobil application
Exceptions (exception flows)
Frequency	Every time the user needs to locally logout from the application