Configure SSO log out
Configure the option to log the user out from the OpenID Connect/OAuth2 Single Sign-On authentication server after an application ends.
The Genero delegate service, OpenIDConnectServiceProvider, automatically redirects the user agent to the end session URL (if specified). Normally, you do not need to configure this logout if you have an OpenID delegate service set for your application.
Because identity providers generally have not yet implemented the logout session management protocol, a configuration is required. You use the SSO tags, IDP_LOGOUT_URL and SIGN_OFF, in the DELEGATE element to specify the logout.
Note: If you do not specify SSO log out options in the application configuration, on closing the application the user will not be logged out from the IdP. This is the equivalent of specifying <SIGN_OFF>FALSE</SIGN_OFF> in the DELEGATE element.
Troubleshooting
Google does not follow the OpenID Connect protocol fully. If your IdP is Google, for example, the following configuration shows how to implement the logout. Your IdP may be different; refer to the IdP documentation for information about the SSO log out options.
The delegation SSO log-out feature is provided in FGLGWS and GAS version 3.20.
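A check for the condition described in the Note, as an added example that is not part of the Genero documentation: it scans an application configuration for DELEGATE elements and reports which ones leave the user logged in at the IdP when the application closes. The sample XML, its APPLICATION wrapper, Id values and URL are constructed, and treating <SIGN_OFF>TRUE</SIGN_OFF> as the enabling value is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The APPLICATION wrapper, Id values and URL are hypothetical.
SAMPLE_XCF = """\
<APPLICATIONS>
  <APPLICATION Id="no-options"><DELEGATE/></APPLICATION>
  <APPLICATION Id="explicit-off">
    <DELEGATE><SIGN_OFF>FALSE</SIGN_OFF></DELEGATE>
  </APPLICATION>
  <APPLICATION Id="url-only">
    <DELEGATE><IDP_LOGOUT_URL>https://idp.example.invalid/logout</IDP_LOGOUT_URL></DELEGATE>
  </APPLICATION>
  <APPLICATION Id="enabled">
    <DELEGATE>
      <SIGN_OFF>TRUE</SIGN_OFF>
      <IDP_LOGOUT_URL>https://idp.example.invalid/logout</IDP_LOGOUT_URL>
    </DELEGATE>
  </APPLICATION>
</APPLICATIONS>
"""

def classify_delegate(delegate):
    """Classify the SSO log out state of one DELEGATE element."""
    sign_off = (delegate.findtext("SIGN_OFF") or "").strip().upper()
    logout_url = (delegate.findtext("IDP_LOGOUT_URL") or "").strip()
    if not sign_off and not logout_url:
        return "not-specified"  # per the Note: same as <SIGN_OFF>FALSE</SIGN_OFF>
    if sign_off == "FALSE":
        return "disabled"
    if sign_off == "TRUE":      # assumption: TRUE is the enabling value
        return "enabled"
    return "review"             # e.g. a logout URL without SIGN_OFF: check by hand

def audit(xml_text):
    """Map each DELEGATE (keyed by nearest ancestor Id) to its log out state."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = {}
    for n, delegate in enumerate(root.iter("DELEGATE")):
        node = delegate
        while node in parents and node.get("Id") is None:
            node = parents[node]
        findings[node.get("Id") or f"DELEGATE#{n}"] = classify_delegate(delegate)
    return findings

def stays_logged_in(findings):
    """Ids whose users remain logged in at the IdP after the application closes."""
    return sorted(k for k, v in findings.items() if v in ("not-specified", "disabled"))

if __name__ == "__main__":
    print(audit(SAMPLE_XCF), stays_logged_in(audit(SAMPLE_XCF)))
```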