Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You can see useiframelogoutwithidtokenhint is set to true (line 7). This has to be set for the logout to work.

...

Code Block
{
   "clientid": "cos",
   "clientsecret": "0lLM43yeXPKtBzyH7s3p5mKzWGS1dLVT",
   "authority": "https://idp.externalprovider.com",
   "useuserinfoendpoint": true,
   "requirehttpsmetadata": false,
   "useiframelogoutwithidtokenhint":true
 }

id_token_hintwhen in the logout request, but we will do so as must implementation require it anyways

...

is recommended but not required by OpenID Connect RP-Initiated Logout 1.0. In order to logout from external logon providers such as KeyCloak or SwissId id_token_hint is required!

Note

URLs to be redirected to after logout need to be configured as Trusted Sites (trusted_address setting) within your web application (the web application, that starts the logout process), otherwise Content Security Policy (CSP) will block the request.

How it works

Login

During authentication to external provider the id_token will be saved to CoreOne Suite cache. The reference to the token will be saved in cookie external_id_token_ref_{auth_scheme}(for multiple browser scenario).

...