Page History
...
When redirecting to the End Session Endpoint of the Identity Provider, The Runtime will send the post_logout_redirect_uri parameter pointing to the standard Blueriq logout page (http://<host>:<port>/<context>/server/session/logout.html). The identity provider will redirect the user back to this page after having logged the user out.
Development Tools Component Security Considerations
When the Development Tools Component is in use and standard security settings are in effect, the redirect to the End Session Endpoint will be blocked due to Security: Clickjacking protection. To enable SSO logout with the Development Tools Component, the domain of the identity provider must be added to the "default-src" policy. We recommend adding this property in the application-development-tools.properties file, so it only takes effect when the Development Tools Component is active.
Code Block | ||
---|---|---|
| ||
# allow redirecting to the identity provider at example.com
blueriq.security.click-jacking-protection.content-security-policy.default-src='self' example.com |
Example Configuration
In order to enable SSO logout, SSO logout must be enabled and the URL to the End Session Endpoint must be set, as in the following example:
Code Block |
---|
blueriq.security.openid-connect.sso-logout=true
blueriq.security.openid-connect.end-session-endpoint=http://example.com/auth/realms/master/protocol/openid-connect/logout |