Page History
When the user logs out from a Blueriq application, there are two possible outcomes:
- the user logs out from Blueriq only
- the user logs out from both Blueriq and the identity provider, effectively ending the Single-Sign-On session
The outcome is controlled through the blueriq.security.openid-connect.sso-logout property: when set to true, a logout from Blueriq will also trigger a logout from the identity provider by redirecting the user to the provider's End Session Endpoint.
Warning |
---|
When using SSO logout, the blueriq.security.openid-connect.end-session-endpoint property must be correctly configured. If the end-session-endpoint property is empty or not a valid HTTP URL, the Runtime will generate an error. |
Info |
---|
This functionality requires the identity provider to support OpenID Connect Session Management 1.0, which is an optional part of the OpenID Connect specification. The Runtime implements Relying Party Initiated Logout. |
When redirecting to the End Session Endpoint of the Identity Provider, The Runtime will send the post_logout_redirect_uri parameter pointing to the standard Blueriq logout page (http://<host>:<port>/<context>/server/session/logout.html). The identity provider will redirect the user back to this page after having logged the user out.