User.logout - REST API

Overview

Logs a user out of an existing SSO session - this makes the user no longer logged into any of the SSO-based applications.

This call never reports if input UST was valid or not, it always returns status “ok” even if UST did not exist. This is in order to make it more difficult for attackers to discover what of UST they may have access to are, or were, valid.

Note that there may be additional details in server logs in case of input validation errors.

  • HTTP method: POST
  • URL path: /zato/sso/user/logout

Request

Name Datatype Optional Notes
ust string User session token to log out by
current_app string Name of application that the call is attempted from

Response

(None)

Usage

$ curl -XPOST localhost:17010/zato/sso/user/logout -d '
  {
  "ust":         "gAAAAABak99-tQYi0TncwDhNTGR...",
  "current_app": "CRM"
  }'

{
  "status": "ok",
  "cid": "229d2d989a88f633ddebc505"
}