{"id":29573189,"url":"https://github.com/auth0-samples/auth0-single-sign-out-sample","last_synced_at":"2025-10-18T02:02:24.220Z","repository":{"id":33289410,"uuid":"36934135","full_name":"auth0-samples/auth0-single-sign-out-sample","owner":"auth0-samples","description":"Sign out from all of your enterprise applications","archived":false,"fork":false,"pushed_at":"2020-01-27T20:51:39.000Z","size":11,"stargazers_count":9,"open_issues_count":0,"forks_count":5,"subscribers_count":29,"default_branch":"master","last_synced_at":"2024-04-10T16:07:56.415Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/auth0-samples.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-06-05T13:28:37.000Z","updated_at":"2022-11-29T15:10:04.000Z","dependencies_parsed_at":"2022-08-17T19:00:38.749Z","dependency_job_id":null,"html_url":"https://github.com/auth0-samples/auth0-single-sign-out-sample","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/auth0-samples/auth0-single-sign-out-sample","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0-samples%2Fauth0-single-sign-out-sample","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0-samples%2Fauth0-single-sign-out-sample/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0-samples%2Fauth0-single-sign-out-sample/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0-samples%2Fauth0-single-sign-out-sample/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/auth0-samples","download_url":"https://codeload.github.com/auth0-samples/auth0-single-sign-out-sample/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/auth0-samples%2Fauth0-single-sign-out-sample/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265893936,"owners_count":23845183,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-19T05:32:10.210Z","updated_at":"2025-10-18T02:02:24.215Z","avatar_url":"https://github.com/auth0-samples.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Auth0 Single Sign-Out Sample\n\nEnterprise users will typically have SSO enabled for multiple applications (eg: SharePoint, a few .NET applications, a few Java applications, Zendesk, ...). In this case it's very common that when users sign out this needs to happen for all of their applications.\n\nThe [logout endpoint](https://auth0.com/docs/logout) in Auth0 can work in 2 ways:\n\n - Clear the SSO cookie in Auth0\n - Clear the SSO cookie in Auth0 and sign out from the IdP (eg: ADFS)\n\nBy simply redirecting users to the logout endpoint this does not cover the scenario where users need to be signed out from all of the applications they used.\n\nIn the user's SSO session Auth0 will keep track of each application the user signed in to. This sample shows how to use this information to sign out from each application before clearing the SSO cookie in Auth0.\n\n## Configuring Auth0\n\nThis sample is an Angular.js application which is also registered as an application in Auth0.\n\n![Single Sign-Out Config](https://cdn.auth0.com/docs/img/single-sign-out-config.png)\n\nAll of the applications you are using, including the \"logout application\" need to be enabled for SSO. \n\n## How it works\n\nWhen we call the `getSSOData` method on the client-side SDK we'll see the following:\n\n```\n{\n \"err\": null,\n \"ssoData\": {\n  \"sso\": true,\n  \"sessionClients\": [\n   \"ATqGIGvsX5d9AWiOypgPOEBGkOVbrf55\",\n   \"ZDC7qh6mcXaQT6ilyiTWPmmfFI7L0aTs\",\n   \"bOFty3tWgpijnwMcltysNFqHgO1ziz1I\"\n  ],\n  \"lastUsedClientID\": \"bOFty3tWgpijnwMcltysNFqHgO1ziz1I\",\n  \"lastUsedUsername\": \"mary@fabrikamcorp.com\",\n  \"lastUsedConnection\": {\n   \"name\": \"FabrikamAD\",\n   \"strategy\": \"ad\"\n  }\n }\n}\n```\n \nThis means the user logged in to 3 different applications (`sessionClients`). The sample application will render an iframe for all of the applications (it's the responsibility of the logout application to know the url of the logout endpoint, this information is not available in Auth0.\n\n```js\n  var clients = {\n    'ATqGIGvsX5d9AWiOypgPOEBGkOVbrf55': {\n      name: 'JWT Debugger',\n      logout_url: 'http://fabrikam-jwt.azurewebsites.net/'\n    },\n    'bOFty3tWgpijnwMcltysNFqHgO1ziz1I': {\n      name: 'SharePoint Intranet',\n      logout_url: 'http://sp.fabrikamcorp.com/_layouts/15/SignOut.aspx'\n    },\n    'h2NE1kxhzzFgLpNBvcCuyefjfwFVGx49': {\n      name: 'Timesheet SaaS',\n      logout_url: 'http://fabrikam-timesheets.azurewebsites.net/account/logoff'\n    }\n  };\n```\n\nOnce the users are logged out from all of the applications they'll be redirected to the logout endpoint in Auth0 to clear the SSO cookie. If any of the applications fail to respond within the configured timeout (5sec) an error will show on the screen.\n\n*Note that for this to work, all of the applications need to have a logout endpoint accessible from a GET*\n\n## Example\n\nMary logged in to all of the applications configured in the Fabrikam account (JWT Debugger, SharePoint Intranet and Timesheet SaaS). When she hits the \"Sign-out\" button in one of these applications it should redirect to the \"Single-Logout application\" which Fabrikam is hosting somewhere (eg: https://fabrikam-logout.azurewebsites.net).\n\nThe logout application will use Mary's SSO cookie to determine from which applications she needs to sign out and render iframes pointing to the logout endpoints for each of these applications.\n\n![Logout Working](https://cdn.auth0.com/docs/img/single-sign-out-working.png)\n\nOnce logout is complete in all of these applications Mary can hit the continue button which will redirect to Auth0 and remove her SSO cookie there (and optionally also sign out from the IdP, like ADFS). Finally Mary is returned to the logout appliation which shows she's been logged out.\n\n![Logout Complete](https://cdn.auth0.com/docs/img/single-sign-out-complete.png)\n\n## Considerations\n\nThe complete single sign-out flow is based on the SSO cookie in Auth0 and rendering iframes. Take into account that:\n\n - For the IFRAMES, there's no way to detect if the IFRAME rendered correctly. You can only detect if it completed or not. For slow applications, if it takes more than 5 seconds to sign out the sample will show a red line instead of the green line.\n - Depending on specific browser settings there might be issues with the SSO cookie or the rendering of the IFRAME. \n  - In IE for example a setting called \"Protected Mode\" should be disabled or your applications will need a P3P header for this to work correctly (http://stackoverflow.com/questions/389456/cookie-blocked-not-saved-in-iframe-in-internet-explorer).\n  - In Safari (depending on your settings) cookies might be restricted to a specific tab (and not shared over different tabs).\n\n## Issue Reporting\n\nIf you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.\n\n## Author\n\n[Auth0](auth0.com)\n\n## License\n\nThis project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0-samples%2Fauth0-single-sign-out-sample","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauth0-samples%2Fauth0-single-sign-out-sample","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauth0-samples%2Fauth0-single-sign-out-sample/lists"}