You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

When the user logs out from a Blueriq application, there are two possible outcomes:

  • the user logs out from Blueriq only
  • the user logs out from both Blueriq and the identity provider, effectively ending the Single-Sign-On session


The outcome is controlled through the blueriq.security.openid-connect.sso-logout property: when set to true, a logout from Blueriq will also trigger a logout from the identity provider by redirecting the user to the provider's End Session Endpoint.

When using SSO logout, the blueriq.security.openid-connect.end-session-endpoint property must be correctly configured. If the end-session-endpoint property is empty or not a valid HTTP URL, the Runtime will generate an error.

This functionality requires the identity provider to support OpenID Connect Session Management 1.0, which is an optional part of the OpenID Connect specification. The Runtime implements Relying Party Initiated Logout.


When redirecting to the End Session Endpoint of the Identity Provider, The Runtime will send the post_logout_redirect_uri parameter pointing to the standard Blueriq logout page (http://<host>:<port>/<context>/server/session/logout.html). The identity provider will redirect the user back to this page after having logged the user out.

  • No labels

Didn't find the answer you were looking for? Try the advanced search