...

Code Block
{
  "clientid": "cos",
  "clientsecret": "0lLM43yeXPKtBzyH7s3p5mKzWGS1dLVT",
  "authority": "https://idp.externalprovider.com",
  "useuserinfoendpoint": true,
  "requirehttpsmetadata": false,
  "useiframelogoutwithidtokenhint": true
}

Standard OIDC does not require sending id_token_hint in the logout request, but we will do so, as most implementations require it anyway.

...

is recommended but not required by OpenID Connect RP-Initiated Logout 1.0. For logout from the external logon provider to work, however, CoreOne Suite requires it.

Note

URLs to be redirected to after logout need to be configured as Trusted Sites (trusted_address setting) within your web application (the web application that starts the logout process); otherwise Content Security Policy (CSP) will block the request.

How it works

Login

During authentication to the external provider, the id_token is saved to the CoreOne Suite cache. The reference to the token is saved in the cookie external_id_token_ref_{auth_scheme} (for the multiple-browser scenario).
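
The reference-cookie pattern described above, together with the RP-initiated logout request that later consumes the cached token, as an added example that is not CoreOne Suite code. The in-memory cache, the function names, the origin allowlist, the single-use behaviour and the sample values are assumptions of this sketch; only the cookie name and the id_token_hint parameter come from the page.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Assumed in-memory stand-in for the server-side token cache.
_TOKEN_CACHE = {}
# Constructed allowlist of post-logout origins (an assumption of this example).
ALLOWED_POST_LOGOUT_ORIGINS = {"https://app.example.com"}


def cookie_name(auth_scheme):
    """Cookie that carries the reference, one per authentication scheme."""
    return f"external_id_token_ref_{auth_scheme}"


def store_id_token(auth_scheme, id_token):
    """Login: cache the id_token and return (cookie name, opaque reference).

    Only the random reference goes into the browser cookie, so each browser
    gets its own reference and the token itself stays on the server.
    """
    ref = secrets.token_urlsafe(32)
    _TOKEN_CACHE[ref] = id_token
    return cookie_name(auth_scheme), ref


def build_logout_url(end_session_endpoint, auth_scheme, cookies,
                     post_logout_redirect_uri, state):
    """Logout: resolve the cookie reference and build the end-session URL."""
    target = urlsplit(post_logout_redirect_uri)
    if f"{target.scheme}://{target.netloc}" not in ALLOWED_POST_LOGOUT_ORIGINS:
        raise ValueError("post-logout redirect origin is not allowed")

    ref = cookies.get(cookie_name(auth_scheme))
    # Assumption: the cached token is dropped once a logout has used it.
    id_token = _TOKEN_CACHE.pop(ref, None) if ref else None
    if id_token is None:
        raise LookupError("no cached id_token for this browser")

    # Parameter names as defined by OpenID Connect RP-Initiated Logout 1.0.
    params = {
        "id_token_hint": id_token,
        "post_logout_redirect_uri": post_logout_redirect_uri,
        "state": state,
    }
    return f"{end_session_endpoint}?{urlencode(params)}"
```
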

...