Problem/Motivation

When "Allow authentication with local Drupal accounts" is enabled and "Redirect URL after logging out" is set, the user is not redirected to this path if they are logged in via their local authentication.

The redirect does apply to SAML-authenticated-user logout correctly.

However, the placement of this Redirect URL field in the Local authentication tab makes it seem like it should apply to local authenticated user logouts too.

Steps to reproduce

  1. Enable the Allow authentication with local Drupal accounts at /admin/config/people/simplesamlphp_auth/local.
  2. Set the Redirect URL after logging out value to some valid, internal path.
  3. Save your changes and log out

The user is redirected to the homepage instead of the configured redirect URL.

Proposed resolution

It redirects to the <front> is because Drupal core's logout controller hard-codes the redirect. This behavior clashes with the expected behavior this field represents.

Provide a route alter to override the redirect behavior for local authenticated log-out.

To keep this change backwards compatible, it may be necessary to add a checkbox to optionally perform this override.

Comments

jcandan created an issue. See original summary.

jcandan’s picture

jcandan commented
Status: Active » Closed (works as designed)
Related issues: +#3088028: Impossible to logout with a user authorized to log in the standard way

Turns out I was using patch #10 from #3088028: Impossible to logout with a user authorized to log in the standard way.

So, I've opted to remove that patch and go with the deactivate-saml-in-lower-environments recommendation from comment #11 in #3088028.

This seems to have fixed my issue.