Issue:
After clicking the "Log Out" button in WordPress, users stay logged in and are automatically redirected back to the WordPress site instead of being signed out. This behavior occurs when both of the following conditions are met:
- The Restrict Site to Logged-in Users feature is enabled in the OAuth Single Sign-On (SSO) plugin.
- An active session of IDP still exists.
Solutions:
1. Manually Log Out from the IDP:
Since an active IDP session persists, you must first end the IDP session separately to fully log out of WordPress.
Logout instructions:
- Sign out through your Identity Provider’s (IDP) logout page to terminate the active session.
- Then, log out of WordPress using the logout option in your account menu.
This two-step process ensures you are completely signed out of both systems.
2. Configure the IDP Logout URL (Recommended if Supported):
If your IDP provides the Logout URL, configure it in the plugin so that logging out of WordPress also logs you out of the IDP automatically.
Steps to Set Up IDP Logout URL:
- Open the OAuth Single Sign-On (SSO) plugin in WordPress.
- Go to Sign-in Settings. Under the Advanced setting, configure the IDP Logout URL in the Custom redirect URL after logout section, and click the Save Settings button.
How to Check if Your IDP Supports SLO?
Refer to your IDP’s setup documentation and check the Scopes & Endpoints table for an Custom redirect URL after logout. If no URL is listed, please check with your IDP team to see if they provide a Logout URL. If they don't, use Solution 1 (Manual Logout) instead.
