SSO force logout previous session

13 comments

  • Low Chin Seng

    Hi,

    I have added the forcelogout parameter in a payload to generate the JWT token for SSO. However, I found that the previous SSO session is not logged out during the second attempt of SSO.

    Any idea?

    // Claims placed in the JWT for the SSO request
    var payload = new Dictionary<string, object>() {
        { "iat", timestamp },                                    // issued-at time
        { "jti", System.Guid.NewGuid() },                        // unique token id
        { "name", sessionOrgUser.user_name },
        { "email", sessionOrgUser.OrgUserInfo.email_address },
        { "external_id", sessionOrgUser.OrgUserInfo.org_user_id },
        { "organization", "ccmp" },
        { "locale_id", zendeskLocaleId },
        { "forcelogout", "true" }                                // the parameter in question
    };

    0
  • Lorraine Harbert

    We have many clients whose users share computers.  This would be a huge help for companies that have this use case. 

    0
  • Brijesh Tekrawala

    I am also facing the same issue. Is there any way we can explicitly log out the Zendesk session?

    I also tried {"forcelogout", "true"}, but it is not working as expected.

    0
  • Curry Hoffman

    Has anyone had any luck in finding a solution to this issue? We also use shared computers and this presents a massive security problem.

    0
  • Murali

    The way I took care of it in my case was to look for the existence of a Zendesk session and, if they are not the same, remove those zd_session cookies; otherwise keep them.

    private bool AnotherZendeskSessionExists()
    {
        string email = GetEmail();
        string zdSessionId = CalculateMD5Hash(email);

        // If the zd_session cookie exists and its value differs from the hash of the email, then it is another Zendesk session
        return (Request.Cookies["zd_session"] != null && Request.Cookies["zd_session"].Value != zdSessionId);
    }

    0
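
A variant of the check in the post above, as an added example that is not part of the original thread or Zendesk's own code: the marker is an HMAC-SHA256 of the e-mail address under a server-side key, so it cannot be computed from the address alone, and it is compared in fixed time. The class `SessionMarker`, its methods, the key and the sample addresses are assumptions, as is the premise that the marker is a cookie value the application sets itself when it issues the SSO request; it needs .NET Core 2.1 or later for `CryptographicOperations`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (added example, not code from the thread).
public static class SessionMarker
{
    // Marker = hex(HMAC-SHA256(serverKey, trimmed and lower-cased e-mail)).
    public static string Compute(byte[] serverKey, string email)
    {
        string normalized = email.Trim().ToLowerInvariant();
        using (var hmac = new HMACSHA256(serverKey))
        {
            byte[] tag = hmac.ComputeHash(Encoding.UTF8.GetBytes(normalized));
            return BitConverter.ToString(tag).Replace("-", "").ToLowerInvariant();
        }
    }

    // True when a marker cookie is present and was not issued for currentEmail,
    // i.e. the browser still carries state from a different user.
    public static bool AnotherSessionExists(byte[] serverKey, string cookieValue, string currentEmail)
    {
        if (string.IsNullOrEmpty(cookieValue))
            return false; // no earlier SSO hand-off recorded for this browser

        byte[] expected = Encoding.ASCII.GetBytes(Compute(serverKey, currentEmail));
        byte[] actual = Encoding.ASCII.GetBytes(cookieValue);
        // FixedTimeEquals also returns false when the lengths differ.
        return !CryptographicOperations.FixedTimeEquals(expected, actual);
    }

    public static void Main()
    {
        // Constructed demo key and addresses; load a real key from secret storage.
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-0123456789abcdef");

        // User A signs in on the shared computer and the marker cookie is set.
        string cookie = Compute(key, "user.a@example.com");

        Console.WriteLine(AnotherSessionExists(key, cookie, "User.A@example.com"));     // same user again
        Console.WriteLine(AnotherSessionExists(key, cookie, "user.b@example.com"));     // different user
        Console.WriteLine(AnotherSessionExists(key, null, "user.b@example.com"));       // no marker present
        Console.WriteLine(AnotherSessionExists(key, "tampered", "user.a@example.com")); // altered value
    }
}
```

An altered or malformed marker is treated the same as another user's marker, so the stale state is cleared rather than trusted.
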
  • Ankit Garg

    Hi All,

    We implemented a small enhancement recently which might be useful in this scenario.

    If User A is logged in from a browser and, without User A being logged out, Zendesk gets an SSO request for User B from the same browser, we log User A out of the existing session.

    Thanks,

    Ankit

    0
  • Oliver

    @Ankit Garg: this seems not to work. We implemented JWT SSO.

    Scenario:

    1. User A login on our website
    2. User A SSO request to zendesk => redirect & logged in as User A
    3. User A leaves Zendesk without logout
    4. User A logout on our website
    5. User B login on our website
    6. User B SSO request to zendesk => redirect & logged in as User A

    How can the "old user" be logged out / the session destroyed?

     

    0
  • Camille Schoell

    Hello,

     

    We have the same problem here. Did Zendesk do some development in order to replace the old token when connecting with another user?

     

    Thank you,

    1
  • Shlomi Cohen

    We have the same problem here. Zendesk support - any updates here?

     

    1
  • Mattias Ekberg

    We too have this problem. Any solution, Zendesk?

    1
  • Ruchika Sarma

    Same issue here.

    Any updates?

    Just found this article but it didn't seem to help.

    https://support.zendesk.com/hc/en-us/articles/360000193788-How-do-I-terminate-a-user-s-session-

     

    1
  • Jonas Eriksson

    Just echoing the sentiment - exact same problem as Oliver's stated issue above. How can we solve this nicely?

    0
  • Senthil Kumar Chinnaswamy

    Team,

    Can you please let us know if Zendesk is working to fix this issue and when we can expect a solution? Appreciate an update.

    Thanks,

    0
