Invalidate Session during a SAML2 based SSO logout

Resolves wso2/product-ei#5542
SanojPunchihewa · Jun 20, 2023 · 6d0a299 · 6d0a299
1 parent d47232d
commit 6d0a299
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/CarbonUILoginUtil.java b/core/org.wso2.carbon.ui/src/main/java/org/wso2/carbon/ui/CarbonUILoginUtil.java
@@ -338,6 +338,15 @@ protected static boolean handleLogout(CarbonUIAuthenticator authenticator,
         // This condition is evaluated when users are logged out in SAML2 based SSO
         if (request.getAttribute("logoutRequest") != null) {
         	log.debug("Loging out from SSO session");
+
+	    try {
+                invalidateSession(session);
+            } catch (Exception ignored) {
+                // Ignore exception when invalidating and invalidated session
+                if (log.isDebugEnabled()) {
+                    log.debug("Error in invalidating frontend session ", ignored);
+                }
+            }
             response.sendRedirect(contextPath + "/carbon/sso-acs/redirect_ajaxprocessor.jsp?logout=true");
             return false;
         }