Logout not working in modern layout

[mart]

Hello,

We run Zimbra NE 10.0.1.1684843569-2.u20. It seems since a recent update, the logout from the modern design is not working. We use ZimbraWebClientLogoutURL to logout on the IdP/SSO as well, after logging out in zimbra, so maybe that is related. This redirect *works* fine. In the browser's webdeveloper log, I also see that the webclient is trying to do soap request to terminate the session (with 'EndSessionRequest' as content)

This request fails, it results in a 500 error, with the message "no valid authtoken present", the `mailbox.log` shows a similar error: `SoapEngine - no valid authtoken present: cannot dispatch request`.

After reading the internet, I found out that it is possible to disable CSRF token checks with:

zmprov mcf zimbraCsrfTokenCheckEnabled FALSE
zmmailboxdctl restart

After that, I do not see the same error anymore, and the Soap request results in a 200. Also the log looks normal now:

2023-06-08 03:31:22,174 INFO [qtp2138564891-242:https://xxxxxxxxxxxxxx/service/soap] [name=xxxxxx@xxxxxxxx;mid=7;ip=*.*.*.*;port=39346;ua=ZimbraModernWebClient - FF113 (Linux)/10.0.1_GA_4549;soapId=465dcd2e;] soap - EndSessionRequest elapsed=2

However, if I go to the zimbra client domain, I discover I am still logged in and shows mail directly. It does not forward to the IdP/SSO server. Obviously this is a security risk, especially for those logging in from remote/guest computers.

Any ideas? Is it a configuration issue or a bug?

[phoenix]

As this is question about NE I'd suggest you raise a support case.

[mitesh.savani]

Can you please add `virtual host` on Default domain and restart the mailbox if virtual host not present.

Refer: http://docs.zimbra.com/docs/os/8.6.0/ad ... ingle=true