DualShield Tomcat Valve supports Single Logout (SLO), or Single Sign-Out,  by which a user is able to completely sign-out the application they signed into with two-factor authentication.

To implement Single Logout, the application should call the URL below:

slo_logout?RelayState={URL}

In which {URL} should be replaced with the URL of the landing page after the user has been logged out.

For example:

<html>
	<head>
		<title>Protected page</title>
	</head>
	<body>
		<h1>Welcome! You're logged in</h1>
		<p><strong>Success!</strong> This page is available to anyone who has been successfully authenticated</p>
        <br/><br/>
        <p><button onclick="location.href='slo_logout?RelayState=/index.html'">Logout</button></p>
	</body>
</html>