When a user signs out of SharePoint via the sign out page, the user's K2 session will stay active for that user and potentially allow unauthorized access to the signed out user's K2 session. This behavior can be prevented by implementing Federation Sign Out. Although there are multiple ways of achieving this, this example illustrates editing SharePoint’s signout.aspx page to redirect to the K2 logout.aspx page ([K2 url]/ Runtime/_trust/logout.aspx or [K2 url]/Designer/_trust/logout.aspx) after signing out of SharePoint.
- Determine the URL to the logout.aspx page for your SmartForms environment. The path will look something like [K2 url]/Runtime/_trust/logout.aspx or [K2 url]/Designer/_trust/logout.aspx, depending on whether you choose to use the Designer website or the Runtime website. (While both sites should work, we recommend that you use the Runtime site for consistency and the samples will refer to the Runtime site. To determine the URL of the logout page, you can use a browser, navigate to your environment’s K2 smartforms Site and add the /_trust path, as shown below. You may need to enable Directory Browsing in IIS to show the contents of this directory.
- Copy the logout form’s URL to something like notepad. It should look something like [K2URL]/Runtime/_trust/logout.aspx
- On each SharePoint WFE server, locate the SharePoint signout.aspx page which is located in Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Template\Layouts\signout.aspx
- Make a backup copy of the signout.aspx page and then open the signout.aspx page in Notepad.
- Edit the _spBodyOnLoad() method as follows, commenting out the window.close() statement and modifying the URL to the logout page with the value you obtained earlier:
window.location.href = "[K2URL]/Runtime/_trust/logout.aspx"
- Save the changed file and close.
- Open the SharePoint Portal site and sign out as shown below.
- The user is logged out of SharePoint and will be simultaneously be logged out of K2 and will be redirected to the landing page of the SmartForms site as shown below.
- Close the browser.