Configure SSO log out
Configure the option to log the user out of the OpenID Connect/OAuth2 single sign-on (SSO) authentication server when an application ends.
The Genero delegate service, OpenIDConnectServiceProvider, automatically redirects the user agent to the end session URL (if specified). Normally, you do not need to configure this logout if you have an OpenID delegate service set for your application.
As identity providers (IdPs) have generally not yet implemented the logout session management protocol, configuration is required. Use the SSO tags IDP_LOGOUT_URL and SIGN_OFF in the DELEGATE element to specify the logout.
If you do not specify SSO log out options in the application configuration, the user is not logged out from the IdP when the application closes. This is equivalent to specifying <SIGN_OFF>FALSE</SIGN_OFF> in the DELEGATE element.
Troubleshooting
Google does not fully follow the OpenID Connect protocol. If your IdP is Google, for example, the following configuration shows how to implement the logout. Your IdP may be different; refer to the IdP documentation for information about its SSO log out options.
The delegation SSO log-out feature is provided in FGLGWS and GAS version 3.20.