Achieve logout functionality by clearing cookies from domain "authorization.sandboxcerner.com"


kenith Aiyappa

Sep 7, 2017, 7:03:22 AM
to Cerner FHIR Developers
  • Issue Summary: Achieve logout functionality

I am using the open sandbox for testing logout of the authorised session. We have both web and native iOS apps.

As part of the implementation, I clear the state, session, etc. from my site. Even after clearing, the browser retains the cookie "cloud-session" for the domain "authorization.sandboxcerner.com", which retains the logged-in state. On the subsequent launch, the browser won't prompt to enter the username and password; rather, it logs in automatically. For security reasons, browsers won't allow a site to delete a cookie belonging to another site.

So how do we achieve the logout functionality, wherein all the cookies are cleared and the user is prompted to enter username and password?
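The behaviour described in this post (the app's own session is cleared, but the authorization server's "cloud-session" cookie survives) follows from cookie domain scoping in RFC 6265: a page may only set or expire cookies whose Domain attribute domain-matches the host it was served from, and "deleting" a cookie is just setting it with an expiry in the past. The following is an added example, not code from the original post or from Cerner; it models that rule in a small cookie jar using constructed hostnames (`app.example.com` stands in for the SMART app's origin) so the asymmetry is visible: the app can expire its own cookie, but an attempt to expire the authorization server's cookie is silently ignored, which is why logout of the SSO session has to happen on the authorization server's own origin.

```javascript
// Added example: a minimal model of RFC 6265 cookie-domain scoping.
// Not Cerner code; hostnames other than the one in the post are constructed.

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
// True when identical, or when `domain` is a dot-separated suffix of `host`
// and `host` is a hostname rather than an IPv4 literal.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  const isIPv4 = /^\d+\.\d+\.\d+\.\d+$/.test(host);
  return !isIPv4 && host.endsWith("." + domain);
}

// RFC 6265 section 5.3 step 6: a cookie set from `requestHost` with an explicit
// Domain attribute is accepted only if requestHost domain-matches that Domain.
// Expiring a cookie is a Set with a past expiry, so the same rule applies.
function canSetCookieFor(requestHost, cookieDomain) {
  return domainMatches(requestHost, cookieDomain);
}

// Tiny cookie jar keyed by (name, effective domain).
class CookieJar {
  constructor() {
    this.store = new Map();
  }
  key(name, domain) {
    return `${name}@${domain.toLowerCase().replace(/^\./, "")}`;
  }
  // Returns true if the Set-Cookie was honoured, false if the jar ignored it.
  set(requestHost, { name, value, domain, expired = false }) {
    const effective = domain || requestHost; // host-only cookie when Domain is absent
    if (!canSetCookieFor(requestHost, effective)) return false; // ignored per 5.3
    const k = this.key(name, effective);
    if (expired) this.store.delete(k);
    else this.store.set(k, value);
    return true;
  }
  has(name, domain) {
    return this.store.has(this.key(name, domain));
  }
}

// Replays the scenario from the post against the model.
function demo() {
  const jar = new CookieJar();
  const authHost = "authorization.sandboxcerner.com"; // domain named in the post
  const appHost = "app.example.com"; // constructed: the SMART app's own origin

  // The authorization server sets its SSO session cookie on its own host.
  jar.set(authHost, { name: "cloud-session", value: "constructed-session-id" });

  // The app sets, then clears, its own session cookie: both succeed.
  jar.set(appHost, { name: "app-session", value: "constructed-app-session" });
  const ownCleared = jar.set(appHost, { name: "app-session", expired: true });

  // The app tries to expire the authorization server's cookie: ignored.
  const ssoCleared = jar.set(appHost, {
    name: "cloud-session",
    domain: authHost,
    expired: true,
  });

  return {
    ownCleared,
    ownGone: !jar.has("app-session", appHost),
    ssoCleared,
    ssoStillPresent: jar.has("cloud-session", authHost),
  };
}

// console.log(demo());
```

The `ssoStillPresent` flag in the result is the "logged-in state" the post describes: because only the authorization server's origin can expire that cookie, an application-side logout can at most clear the app's own session and token state and then hand the user over to the SSO system's own logout or "manage" page.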

Matt Randall (Cerner)

Sep 7, 2017, 9:58:19 AM
to Cerner FHIR Developers
Are you asking how do you do it through SMART on FHIR or other standards and expose a single log-out function in your application, or are you asking how do you test logging out with Cerner's implementation?

kenith Aiyappa

Sep 7, 2017, 11:03:53 AM
to Cerner FHIR Developers
We are using SMART on FHIR and we would want to log out using the same. If any documentation is available for logout, it would be great.

Matthew Beermann (Cerner)

Sep 7, 2017, 11:39:11 AM
to Cerner FHIR Developers
In your original post, I think you must have meant the Secure Sandbox, since the Open Sandbox does not have authentication or authorization (that's what makes it open).

If your application is patient-facing, the FHIR conformance document advertises a "manage" endpoint, and log out is one of the options offered on that page. See http://docs.smarthealthit.org/authorization/conformance-statement/ and http://fhir.cerner.com/authorization/ for further details. Quoting from the latter's FAQ:
  • How can my application participate in log out mechanisms provided by the organization’s single sign-on (SSO) ecosystem?

While the Cerner authorization server provides OpenID Connect support, it does not currently implement any of the draft log-out specifications currently proposed by the community. Cerner continues to track on developments in this ecosystem.

As an alternative, you may offer the user a link to “Manage Authorized Applications”, which allows the user to log out via their SSO system.

Matt Randall (Cerner)

Sep 7, 2017, 12:30:37 PM
to Cerner FHIR Developers
SMART on FHIR does not provide a log-out mechanism, unfortunately. We attempt to provide means for log-out in our ecosystem, but there is no SMART standard for doing so.

ken...@cura.tech

Sep 23, 2017, 12:28:26 AM
to Cerner FHIR Developers
So is there any other authentication mechanism which supports a log-out mechanism? If so, can we use that authentication mechanism instead of SMART on FHIR?

Jean-François GOBBERS

Jan 10, 2020, 4:06:36 AM
to Cerner FHIR Developers

Jenni Syed (Cerner)

Sep 30, 2020, 2:29:16 PM
to Cerner FHIR Developers
Wanted to make sure that others who find this know (the disclaimer is on that link as well): that API isn't a contract; it's used in the tutorial as an example and to be able to test.