Not sure if you've found an answer for this and I'm not sure I have an answer for you as I haven't tried to implement the following.

Here's what I know:

I know that without SSO enabled that you can redirect the logout page by supplying some parameters like "sysparm_goto_url=logout_redirect.do?sysparm_url=[path to your custom login page goes here]"

So for example creating a custom logout button might point to a url with this type of syntax:

logout.do?sysparm_ck=[big long id string]&sysparm_goto_url=logout_redirect.do?sysparm_url=[path to your custom login page goes here]

When the logout.do page is rendered it will take the parameters and validate the session then logout and redirect to the custom login page.

This technique often used with ServiceNow CMS.

However with SSO enabled, usually a specific logout page is set in the properties such as "external_logout_complete.do". Which after this is setup I notice that the above technique no longer works.

Maybe check what your SSO properties are set to for logout. Possibly you could set the property to the plain logout.do and create a custom UI page to land to that will contain our logic for login.

Just a suggestion. Again, I've never tried for SSO.

Hi Michal,

Have you found a solution for this? I'm also looking into this issue.

Best regards,

Hi,

We had the same issue of not being able to use logout.do?sysparm_goto_url=logout_redirect.do?sysparm_url=url with the MultiSSO plugin enabled just as Chris Burk mentionned.

What I did is to modify the installation exit of the MultiSSO (MultiSSOLogout). I added a condition that checks for the sysparm_goto_url parameter and process it if it is there, as by default this parameter is not processed.

So I added a condition to process it. Here is the new version of the process function inside the installation exit:

process : function() {

   if ( "true" != gs.getProperty("glide.authenticate.multisso.enabled")

   || this.loggedInNormal

   || this.propertiesGR.sys_class_name == 'digest_properties' ) {

   this.ssoHelper.debug("Logging out normal");

   return this.processNormalLogout();

   }


   if (this.propertiesGR.sys_class_name == 'saml2_update1_properties') {


   var binding = this.propertiesGR.idp_logout_binding;

   if (binding && binding.equals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")) {

   this.ssoHelper.debug("Logging out saml using HTTP POST");

   var output = this.SAML2.generateLogoutRequestForm(request);

   response.setContentType("text/html");

   response.getWriter().write(output);

   } else {

   this.ssoHelper.debug("Logging out saml using HTTP Redirect");

   var goto_url = request.getParameter('sysparm_goto_url');

   if(goto_url != null){

   response.sendRedirect(request.getParameter('sysparm_goto_url'));

   }

   else{

   var req = this.SAML2.generateLogoutRequestURL(request);

   if (GlideStringUtil.nil(req)) {

   gs.logWarning("MultiSSOLogout: Logout request URL was null. Redirecting to a static page.");

   response.sendRedirect("logout_success.do");

   } else

   response.sendRedirect("logout_redirect.do?sysparm_url=" + escape(req));

   }

   }

   }


   return true;

},

The new part is the goto_url variable and the if else statement following it.