Configure OpenID Connect SSO log out
Configure log out from the OpenID Connect Single Sign on (SSO) authentication server after an application ends.
The Genero delegate service, OpenIDConnectServiceProvider, automatically redirects the user agent to the OpenID Connect end session URL (if specified). Normally, you do not need to configure this logout if you have an OpenID delegate service set for your application.
IDP_LOGOUT_URL
and SIGN_OFF
, in the
DELEGATE
element to specify the logout.If you do not specify SSO log out options in the application configuration, on closing the
application the user will not be logged out from the IdP. This is the equivalent of
specifying <SIGN_OFF>FALSE</SIGN_OFF>
in the DELEGATE
element.
Troubleshooting
Google does not follow the OpenID-Connect protocol fully. If your IdP provider is Google, for example, the following configuration shows how to implement the logout.
The delegation SSO log-out feature is provided in FGLGWS and GAS version 3.20.