GET /api/login/endsession

Ends the current session for the user, either on user logout or on session timeout. If the user is actively logging out and had logged in via an external identity provider or remote tenant, this operation also initiates single logout (SLO) with that external provider or remote tenant.

Used when the user initiates logout; also used by the developer portal user interface to log the user out when a session times out due to inactivity.

Note: we recommend using this operation to end the user's session rather than the POST /api/login/logout operation, which will be deprecated.

Authorization Roles/Permissions: Must be logged in.

HTTP Method

GET

URL

https://{hostname}/api/login/endsession

Sample Request

The example below shows a request for ending the session, initiated by the user; for example, the user clicks the Log Out button in the developer portal.

Request URL

https://{hostname}/api/login/endsession

Sample request headers

GET http://{hostname}/api/login/endsession HTTP/1.0
Host: {hostname}
Accept: application/json, text/javascript, */*; q=0.01

Sample request body

Not applicable.

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Accept: application/json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json

Request Parameters

Parameter: returninstructions
Parm Type: returnInstructions
Data Type: boolean
Required: optional
Description: Indicates if further information is needed for the user's logout.

For session timeout, this parameter is ignored. If the user logs out, and this parameter is included with a value of true, the platform returns a LogoutResponse JSON object with Relying Party logout information (IDPLogoutInfo) and logout information for each remote federation member (RPLogoutInfo).

Parameter: event
Parm Type: event
Data Type: string
Required: optional
Description: If the user's session times out due to inactivity, the developer portal sends this parameter with a value of session_timeout. If the event is a timeout, the operation logs the user out of the platform, removing any session cookies, but does not initiate SLO (single logout) with the identity provider in scenarios where a third-party identity provider is used.

Parameter: postlogouturl
Parm Type: postlogouturl
Data Type: string
Required: optional
Description: Used with external domains that support SLO (for example, CA SiteMinder), to pass the developer portal home URL to the external domain so that the external domain can use this value to replace placeholders, if any exist, or to add a query parameter with this value in the configured logout URL in the external domain. This value determines where the user-agent is redirected after logout from the external domain is complete.

The URL must be URL-safe, using escape characters as needed. For example, instead of HTTP://, use http%3A%2F%2F.

Response

If successful, this operation returns HTTP status code 200, and the cookies are removed.

Sample Response

The sample responses below show successful completion of this operation.

Sample response headers

HTTP/1.1 200 OK
Content-Type: application/json
Expires: Wed, 22 Apr 2015 11:56:38 GMT
Set-Cookie: Csrf-Token_acmepaymentscorp=none;path=/;expires=Wed, 22 Apr 2015 11:56:38 GMT
Set-Cookie: AtmoAuthToken_acmepaymentscorp=none;path=/;expires=Wed, 22-Apr-2015 11:56:38 GMT;HttpOnly

Sample response body #1

Returned for local logout. In this example, the user logged in locally, so there is no content in the response.

{
}

Sample response body #2

Returned on session timeout in a federated scenario.

{
  "RPLogoutInfo":[
    {
      "location":"http://fedmember1.acmepaymentscorp.com/api/login/logout?atmoCallbackFn=?..",
      "method":"GET"
    },
    {
      "location":"http://fedmember2.acmepaymentscorp.com/api/login/logout?atmoCallbackFn=?..",
      "method":"GET"
    }
  ]
}

Sample response body #3

Returned on user logout in a federated scenario with an IdP, when returninstructions = true.

{
  "RPLogoutInfo":[
    {
      "location":"http://acmepaymentscorp.com/api/login/logout?atmoCallbackFn=?..",
      "method":"GET"
    },
    {
      "location":"http://acmepaymentscorp.com/api/login/logout?atmoCallbackFn=?..",
      "method":"GET"
    }
  ],
  "IDPLogoutInfo":{
    "location":"http://idp.ssocircle.com/sso/SSOPost/metaAlias/ssocircle",
    "method":"POST",
    "params":[
      {
        "name":"SAMLRequest",
        "value":"nVbbkqrIEn33Kzrcj0Y3F1HU2N0TxUUEAULt79%2B6YmTPnvFUlmatWrszK4..."
      },
      {
        "name":"RelayState",
        "value":"afVGUYLlhfkdsalVKLJflajsflWJDSGF..."
      }
    ],
    "content-type":"application/x-www-form-urlencoded"
  }
}

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Content-Type: application/json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json

Response Body

Name: LogoutResponse
Type: LogoutResponse
Description:

Depending on the specific logout scenario, this object might be empty, or it might include the information that another tenant or an external identity provider needs to perform single logout. Here are some scenarios:

If the session times out, the developer portal:

  • Ignores the returninstructions parameter.
  • Ends the user’s session and expires the cookies (AtmoAuthToken, and possibly CSRF).
  • Returns the LogoutResponse JSON object with RPLogoutInfo for each remote federation member.

If the user actively ends the session, the developer portal:

  • Ends the user’s session and expires the cookies (AtmoAuthToken, and possibly CSRF).
  • If the returninstructions parameter is set to true, returns the LogoutResponse JSON object with IDPLogoutInfo if the user is logged in via a third-party provider and RPLogoutInfo for each remote federation member.
  • If the returninstructions parameter is set to false, redirects the user-agent if SLO needs to be performed at the IdP; otherwise, just returns an HTTP code 200.

See sample responses above.
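An added example (not code from the Akana documentation or product) showing how a portal client would build the endsession request described under Request Parameters, with postlogouturl percent-encoded as required, and then turn the LogoutResponse above into the follow-up GET and POST requests that complete single logout. The hostnames, the allow-list of federation hosts, and the sample response values are assumptions.

```javascript
// Assumed developer-portal hostname; replace with the real {hostname}.
const PORTAL = "https://portal.example.com";

// Build the GET /api/login/endsession URL. URLSearchParams percent-encodes
// postlogouturl, so "http://" is sent as "http%3A%2F%2F" as the doc requires.
function buildEndSessionUrl({ event, returnInstructions, postLogoutUrl } = {}) {
  const params = new URLSearchParams();
  if (event) params.set("event", event); // "session_timeout" on inactivity
  if (returnInstructions) params.set("returninstructions", "true");
  if (postLogoutUrl) params.set("postlogouturl", postLogoutUrl);
  const qs = params.toString();
  return `${PORTAL}/api/login/endsession${qs ? "?" + qs : ""}`;
}

// Turn a LogoutResponse into the follow-up single-logout requests the
// client must issue: one GET per RPLogoutInfo entry and, when present,
// one form POST carrying IDPLogoutInfo.params to the IdP. Every location
// is checked against an allow-list of known federation/IdP hosts so an
// unexpected or tampered response cannot send the user-agent elsewhere.
function planSingleLogout(logoutResponse, allowedHosts) {
  const checkHost = (url) => {
    const host = new URL(url).hostname;
    if (!allowedHosts.includes(host)) throw new Error(`unexpected logout host: ${host}`);
    return url;
  };
  const plan = [];
  for (const rp of logoutResponse.RPLogoutInfo || []) {
    plan.push({ method: rp.method, url: checkHost(rp.location) });
  }
  const idp = logoutResponse.IDPLogoutInfo;
  if (idp) {
    const body = new URLSearchParams();
    for (const p of idp.params || []) body.set(p.name, p.value);
    plan.push({ method: idp.method, url: checkHost(idp.location),
                contentType: idp["content-type"], body: body.toString() });
  }
  return plan; // [] for a local logout, where the response body is just {}
}

// Constructed sample, shaped like sample response body #3 (values are not real).
const SAMPLE_RESPONSE = {
  RPLogoutInfo: [{ location: "http://fedmember1.example.com/api/login/logout", method: "GET" }],
  IDPLogoutInfo: {
    location: "https://idp.example.com/sso/SLO", method: "POST",
    params: [{ name: "SAMLRequest", value: "PHNhbWwgLi4u" }, { name: "RelayState", value: "abc" }],
    "content-type": "application/x-www-form-urlencoded",
  },
};
const ALLOWED_HOSTS = ["fedmember1.example.com", "idp.example.com"];
```

A session-timeout call (event=session_timeout) yields only RPLogoutInfo entries, so the same planner produces GETs and no IdP POST, matching the behaviour described for timeouts.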

Error Codes/Messages

If the call is unsuccessful, an error code/message is returned. One or more examples of possible errors for this operation are shown below.

400: Bad request: Returned if the client sends invalid parameters or body content. For example, you might get this response if you didn't include the required headers.
500: An error occurred processing the call.

More information about Akana API Platform API error messages.