Service Provider (SP) initiated SLO when using OIDC (SaaS environment)

Issue

  • We are utilizing OpenID Connect (AWS Cognito) for logging into Liferay; however, the users remain logged into the SSO system even after logging out of Liferay.

Environment

  • Liferay DXP 7.4

Resolution

  • Currently Liferay's OpenID Connect (OIDC) implementation does not include SLO functionality. Hence, it would not be possible to configure Liferay to perform the SLO that automatically logs users out of both SP and IDP.
  • However, it may be achieved if the Identity Provider can somehow trigger the token revoke. (Please note that this will be completely up to you as it will require configuration in your IDP)
  • Furthermore, the Service Provider-initiated Single Log Out is supported by the SAML protocol, as a result, you might consider utilizing this.

Additional Information

¿Fue útil este artículo?
Usuarios a los que les pareció útil: 0 de 0