Issue

Firstly, it is important to understand that if you use the Windows STS (default install), that it will log you in automatically if you navigate to any K2 site. So what happens is that if you click on logout, it is actually doing the logout as it should, but as part of the logout process it redirects you back to a K2 site which then automatically logs you back in.

Secondly, the K2 Auto login section under Settings is not used to change who is logged into the site and that is why you can't change the username in that section. K2 Auto login is for Single Sign On purposes which is used in calls made from the server to another system without asking the user for his credentials again. If this was just in an attempt to log in with a different user, this part of the ticket should not be looked at further.

Symptoms

User cannot sign out of K2 products when using windows STS.

Resolution

Workaround 1:

Use the Forms STS to disable the Windows STS and enable the Forms STS. Users will then be prompted for a username and password.

When they click on LogOut, it will sign the user out and redirect them to the login page that asks for a username and password, so the user will stay logged out.

To configure the Forms STS, view the following help page for more information (although it is a 4.7 help page it still applies to K2 Five): https://help.k2.com/onlinehelp/k2blackpearl/icg/4.7/default.htm#Configure/SF/SF_Authentication.htm

Workaround 2:

Add a LogOutURL configuration setting. Alternatively, add the following setting to both the designer and runtime sites under the App settings sectionweb.conf file.

The value of the setting is in the following format:

https://[client k2 site url]/Runtime/logout.aspx?ReturnUrl=[URL whereto the user must be redirected to after logout]?

It is important to have the question mark at the end of the value.