WordPress SAML Single Sign On

Why Does WordPress Automatically Log Users Back In After Logout?


Users may get automatically logged back into WordPress immediately after logout when Single Sign-On (SSO) is configured with Auto Redirect to IdP enabled.

This happens because the WordPress session ends successfully, but the Identity Provider (IdP) session remains active. As a result, the user is automatically authenticated again and logged back into WordPress.


Why Does the User Get Logged Back Into WordPress?

This behavior usually occurs when Auto Redirect to IdP is enabled on the WordPress site.

In this flow:

  • The user logs out from WordPress.
  • WordPress immediately redirects the user back to the IdP login page.
  • The IdP session is still active.
  • The IdP automatically authenticates the user and logs them back into WordPress.

As a result, the user appears to never get logged out.


How Can This Issue Be Resolved?

There are two common ways to prevent users from getting logged back into WordPress immediately after logout.


Option 1: Configure Single Logout (Recommended)

Configure Single Logout (SLO) so that when the user logs out from WordPress, the logout request is also sent to the Identity Provider (IdP).

This ensures the IdP session is terminated along with the WordPress session, providing a complete logout experience.

  • The user is logged out from WordPress.
  • The IdP session is also terminated.
  • The user will not be automatically authenticated again.

Option 2: Enable Force Authentication

Enable Force Authentication so that the IdP prompts users to enter credentials on every login attempt, even if an active IdP session already exists.

This ensures users must authenticate again before logging in.

Note: Not all Identity Providers (IdPs) support Force Authentication behavior.
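Because some IdPs ignore the setting, it is worth confirming both that the outgoing SAML AuthnRequest carries the ForceAuthn attribute and that the returned assertion's AuthnInstant is recent. The Python sketch below is an added example, not code from the plugin; the function names and sample messages are constructed, and it assumes the HTTP-Redirect binding and a response whose signature has already been validated.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": ASSERTION}


def decode_redirect_request(saml_request: str) -> ET.Element:
    """Decode a SAMLRequest query value (HTTP-Redirect binding: base64 + raw DEFLATE)."""
    return ET.fromstring(zlib.decompress(base64.b64decode(saml_request), -15))


def request_forces_authn(authn_request: ET.Element) -> bool:
    """True only if the AuthnRequest asks the IdP to ignore its existing session."""
    return authn_request.get("ForceAuthn", "false") in ("true", "1")


def authn_is_fresh(response: ET.Element, now: datetime, max_age: timedelta) -> bool:
    """True if every AuthnStatement was issued within max_age of now (aware datetime).

    Call this only on a response whose signature has already been validated.
    """
    statements = response.findall(".//saml:AuthnStatement", NS)
    if not statements:
        return False
    for statement in statements:
        stamp = statement.get("AuthnInstant")
        if stamp is None:
            return False
        instant = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
        if not timedelta(0) <= now - instant <= max_age:
            return False
    return True


def sample_request(force: bool) -> str:
    """Constructed AuthnRequest, encoded the way an SP would put it in the URL."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{PROTO}" ID="_constructed" Version="2.0"'
           + (' ForceAuthn="true"' if force else "") + "/>")
    deflater = zlib.compressobj(wbits=-15)
    return base64.b64encode(deflater.compress(xml.encode()) + deflater.flush()).decode()


# Constructed response: the IdP reused a session that is two hours old.
SAMPLE_RESPONSE = ET.fromstring(
    f'<samlp:Response xmlns:samlp="{PROTO}" xmlns:saml="{ASSERTION}"><saml:Assertion>'
    '<saml:AuthnStatement AuthnInstant="2024-05-01T08:00:00Z"/>'
    "</saml:Assertion></samlp:Response>")
```

A stale AuthnInstant on a login that was requested with ForceAuthn="true" indicates the IdP reused its existing session instead of prompting for credentials.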


Important Note

If Auto Redirect to IdP is enabled, users will still be redirected to the IdP login page after logout.

With these configurations:

  • With Single Logout (SLO): The user will be fully logged out from the IdP.
  • With Force Authentication: The user will be asked to re-enter credentials before logging in again.

If you have any questions or need assistance, please reach out at samlsupport@xecurify.com.
