SAML Logout not working

derw0lf · November 5, 2025, 10:44am

Infos:

Used Zammad version: 6.5.2-1759415232.d5d8c7ec.jammy
Used Zammad installation type: package
Operating system: Ubuntu 22.04
Browser + version: Chrome 141.0.7390.123

Expected behavior:

I am logged in via Authentik SAML Login and when I click on “Sign out” in Zammad my account should be logged out from the system.

Actual behavior:

I am clicking on “Sign out” in Zammad and get redirected to my Authentik System. In the production.log on the Zammad server I can see the following line:

I, [2025-11-05T11:30:10.716125#2515936-23752000]  INFO -- : Started DELETE "/api/v1/signout" for 91.249.255.18 at 2025-11-05 11:30:10 +0100
I, [2025-11-05T11:30:10.724514#2515936-23752000]  INFO -- : Processing by SessionsController#destroy as JSON
I, [2025-11-05T11:30:10.739900#2515936-23752000]  INFO -- : Completed 200 OK in 15ms (Views: 0.4ms | ActiveRecord: 1.9ms (7 queries, 2 cached) | GC: 0.0ms

Afterwards I just open the URL from our Zammad instance and my account is still logged in.

We use Authentik in Version 2025.10.0 and did not set any Single Logout Service URL directly in the provider.

Is there someone who has a working logout procedure with Authentik and Zammad?

Thanks and regards

Bloom · November 7, 2025, 9:01am

Never worked with authentik but i think you need an Logout Service URL. As far as i know Zammad only logs you out locally, but your Authentik session stays active so you’re instantly logged back in.
I think to fix this, you simply point Zammad’s logout to Authentik’s global logout endpoint at /if/session-end/
You can add the url in your third party SAML settings.