We're trying to redirect the user to an URL (<REDIRECT_URL>) when performing a logout:
We've spotted that redirect is not performed whether <REDIRECT_URL> contains :, ? and/or ?. It's not possible, for example, to redirect to http://www.ptc.com
Log entry we get from Thingworx is:
016-12-01 21:50:12.806+0100 [L: ERROR] [O: E.c.t.s.f.ValidatingHttpRequest] [I: ] [U: Administrator] [S: ] [T: http-nio-8080-exec-4] Error occurred while validating HTTP parameter: _redirectURL
According to the documentation and other threads (like https://community.thingworx.com/message/6101#6101) it should be possible, but we were not able to achieve it.
Hi José Miguel Hernández, Try using the logout button available in the ThingWorx marketplace:
I hope it helps
That's correct. But the core logout button allows only Mashup as redirect url and the Marketplace extension allows any url.
Mashup redirect does not make sense to me after logout as it would not be accessible after logout so I suggested the Marketplace logout extension instead.
Thanks for your feedback. Logout widget is not valid so this is not included in a mashup.
We're developing a service for achieving Single Sing On (SSO) between another platform and our Thx instance. So, when logout in Thx is performed, we need also to redirect to the logout service in the other platform.
To be more precise, the use case is the following:
It's an implementation of a SSO between Thingworx and other platform (let's call PlatA).
- The user triggers logout on PlatA
- PlatA invokes a service on Thingworx. This service should do:
* logout on Thingworx platform
* Go back to PlatA with result code
- Logout on PlatA
For me, it's a bug that redirectURL parameter doesn't admit an URL... but I only can see workarounds for this (and in our case they're not aplicable so we're not under a mashup or JS domain).
If it's SSO / Authentication did you look onto Thingworx Authenticators feature, maybe well suited to do a SSO solution.