DualShield Tomcat Valve supports Single Logout (SLO), or Single Sign-Out, by which a user is able to completely sign-out the application they signed into with two-factor authentication.
To implement Single Logout, the application should call the URL below:
slo_logout?RelayState={URL}
In which {URL} should be replaced with the URL of the landing page after the user has been logged out.
For example:
<html>
<head>
<title>Protected page</title>
</head>
<body>
<h1>Welcome! You're logged in</h1>
<p><strong>Success!</strong> This page is available to anyone who has been successfully authenticated</p>
<br/><br/>
<p><button onclick="location.href='slo_logout?RelayState=/index.html'">Logout</button></p>
</body>
</html>