[17.0.0.4 and later]

Invoking the logout endpoint for OpenID Connect

A client uses the logout endpoint to clear the provider-side session and cookies for a web browser.

Before you begin

Invoking the logout endpoint is not sufficient to completely clear a single-sign-on browser session. Tokens that are held by the provider are not cleared.
To completely clear a single-sign-on browser session, ensure that a protected application accomplishes the following tasks:
  1. Calls the HttpServletRequest.logout() method
  2. Redirects the browser to the logout endpoint
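The two tasks above, sketched as a servlet in the protected application. This is an added example, not code from the Liberty documentation: the class name, the `/app-logout` mapping, the provider name `OP`, the choice of POST, and the `javax.servlet` API level are assumptions; the endpoint URL format is the one given in the procedure on this page.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical application logout servlet (name and mapping are assumptions).
@WebServlet("/app-logout")
public class AppLogoutServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // Assumption: "OP" stands in for <provider_name>; replace with the
    // name of the OpenID Connect provider configured on the server.
    private static final String PROVIDER_NAME = "OP";

    // Fixed, server-side constant. The redirect target is never taken from
    // a request parameter, so the logout flow cannot be turned into an
    // open redirect.
    private static final String PROVIDER_LOGOUT_URL =
            "https://server.example.com:443/oidc/endpoint/" + PROVIDER_NAME + "/logout";

    // Assumption: the application's own logout is triggered by POST so that
    // a cross-site link or image tag cannot sign the user out. The provider
    // endpoint itself is reached by the GET that follows the redirect.
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // Task 1: clear the caller's authenticated identity in this application.
        // If this throws ServletException, the request fails and no redirect
        // is sent, so a failed local logout is not silently skipped.
        request.logout();

        // Do not let intermediaries or the browser cache the logout response.
        response.setHeader("Cache-Control", "no-store");

        // Task 2: send the browser to the provider's logout endpoint, which
        // clears the provider-side session and cookies.
        response.sendRedirect(PROVIDER_LOGOUT_URL);
    }
}
```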

About this task

The logout endpoint accepts a GET request with no parameters and clears the provider-side session and cookies, if present.

Procedure

In a web browser, access the URL for the OpenID Connect logout endpoint.

The URL is https://server.example.com:443/oidc/endpoint/<provider_name>/logout.

A Liberty server with OpenID Connect enabled has access to the OpenID Connect logout endpoint at this URL.

Results

  • Provider-issued cookies are removed, if present.
  • A default logout page is displayed, or the browser is redirected to a custom logout page.
  • If an exception occurs, a default exception page is displayed instead.


File name: twlp_logout_endpoint.html