...

The outcome is controlled through the blueriq.security.openid-connect.sso-logout property: when set to true, a logout from Blueriq will also trigger a logout from the identity provider by redirecting the user to the provider's End Session Endpoint.

Warning

When using SSO logout, the blueriq.security.openid-connect.end-session-endpoint property must be correctly configured, either by setting the property or by discovery. If the end-session-endpoint property is empty or not a valid HTTP URL, the Runtime will generate an error.

...

When redirecting to the End Session Endpoint of the identity provider, the Runtime will send the post_logout_redirect_uri parameter pointing to the standard Blueriq logout page (http://<host>:<port>/<context>/server/session/logout.html). The identity provider will redirect the user back to this page after having logged the user out.

Alternatively, if the Material theme is used, the theme will send the post_logout_redirect_uri parameter pointing to the logged-out route.


Development Tools Component Security Considerations

...

Warning

Auth0.com does not expose the end_session_endpoint in the metadata, but it defines GET <domain>.auth0.com/v2/logout for the same purpose. If the discovery feature is turned on and the sso-logout property is set to true, logging in to a secured Blueriq application will return an error because the REQUIRED end_session_endpoint is missing from the auth0.com configuration metadata response. There is no fallback for reading the end-session-endpoint from the property file if it is not found in the identity provider metadata, so we advise the following when using auth0.com:

  • Either don't use discovery and specify the end-session-endpoint manually.
    Or
  • Set sso-logout to false when using the discovery feature, but in that case, the logout will not work.
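
The following pre-deployment check is an added example, not Blueriq code: it models the rules described above (the endpoint must be a valid HTTP URL, and with discovery there is no fallback to the property) and builds the End Session redirect with post_logout_redirect_uri. The function names, the sample metadata and the example.auth0.com / idp.example.com hosts are constructed for illustration.

```python
from urllib.parse import urlparse, urlunparse, urlencode, parse_qsl


class LogoutConfigError(ValueError):
    """Raised when the SSO logout settings would make the Runtime fail."""


# Constructed discovery response shaped like the Auth0 case: no end_session_endpoint.
AUTH0_STYLE_METADATA = {
    "issuer": "https://example.auth0.com/",
    "authorization_endpoint": "https://example.auth0.com/authorize",
}
MANUAL_ENDPOINT = "https://example.auth0.com/v2/logout"  # set by hand, placeholder domain


def resolve_end_session_endpoint(sso_logout, use_discovery, configured, metadata):
    """Return the endpoint that would be used, or None when SSO logout is off."""
    if not sso_logout:
        return None  # Blueriq-only logout, no redirect to the identity provider
    # With discovery on, only the provider metadata counts (no property fallback).
    endpoint = (metadata or {}).get("end_session_endpoint") if use_discovery else configured
    if not endpoint:
        raise LogoutConfigError("end-session-endpoint is empty or missing from metadata")
    parsed = urlparse(endpoint)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise LogoutConfigError("end-session-endpoint is not a valid HTTP URL: %r" % endpoint)
    return endpoint


def build_logout_redirect(endpoint, post_logout_redirect_uri):
    """Append post_logout_redirect_uri, keeping any query already on the endpoint."""
    parsed = urlparse(endpoint)
    query = parse_qsl(parsed.query, keep_blank_values=True)
    query.append(("post_logout_redirect_uri", post_logout_redirect_uri))
    return urlunparse(parsed._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Discovery off, endpoint set manually: the first option in the list above.
    print(resolve_end_session_endpoint(True, False, MANUAL_ENDPOINT, AUTH0_STYLE_METADATA))
    # Redirect to a constructed provider with the standard Blueriq logout page.
    print(build_logout_redirect("https://idp.example.com/logout",
                                "http://localhost:8080/runtime/server/session/logout.html"))
    try:  # Discovery on with SSO logout: the failing combination from the warning.
        resolve_end_session_endpoint(True, True, MANUAL_ENDPOINT, AUTH0_STYLE_METADATA)
    except LogoutConfigError as exc:
        print("configuration error:", exc)
```

The post_logout_redirect_uri value should also be registered with the identity provider, which is expected to reject return addresses it does not know.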


...