I have a React web app that is secured with Zero Trust (using Warp) and using CloudFlare Access.
When first go to the website, I am correctly authenticated with my supplied identity provider and the JWT is correctly validated. I get a CF_Authorization cookie with a valid JWT that identifies me correctly.
The problem happens when I logout. What I do when I log out is clear my CF_Authorization cookie and redirect to the logout url: https://${domain}.cloudflareaccess.com/cdn-cgi/access/logout?returnTo=${rootLink}
The cookie is removed and the returnTo url redirects my back to my app. I expect to be redirected to my identity provider’s login, but that doesn’t happen. Instead my app attempts to run without a CF_Authorization cookie and nothing works.
To make a long story even longer, what might I be doing incorrectly?
1 Like
Hi,
I have the same issue, I was able to call the logout and CF_Authorization cookie got deleted. However, during the redirection, it’s not prompting for the IDP login, instead directly landing onto the app.
Please share what you did if you make it to work.
Thanks,
Rao
Another year later,
I am facing the same - Logout via /cdn-cgi/access/logout seems working fine, I am getting a message that I was successfully logged out. The JWT cookie was indeed deleted. Going back to the App, it logs me in straight away, no SSO Challange - the SAML still seems to be valid.
Reading through [Preformatted text](https://developers.cloudflare.com/cloudflare-one/identity/users/session-management) I wonder if the logout only clears the application, not the global session token?
Is there any way to force another SSO login - If it is a shared computer, used by multiple employees we need to be able to “fully” log-out.