Issue
- We are utilizing OpenID Connect (AWS Cognito) for logging into Liferay; however, the users remain logged into the SSO system even after logging out of Liferay.
Environment
- Liferay DXP 7.4
Resolution
- Currently Liferay's OpenID Connect (OIDC) implementation does not include SLO functionality. Hence, it would not be possible to configure Liferay to perform the SLO that automatically logs users out of both SP and IDP.
- However, it may be achieved if the Identity Provider can somehow trigger the token revoke. (Please note that this will be completely up to you as it will require configuration in your IDP)
- Furthermore, the Service Provider-initiated Single Log Out is supported by the SAML protocol, as a result, you might consider utilizing this.
Additional Information
Contenido exclusivo para suscriptores.
Una Suscripción Enterprise de Liferay proporciona acceso a más de 1.500 artículos que incluyen las mejores practicas, diagnóstico de problemas y otras soluciones útiles. Inicia sesión para tener un acceso completo.
Inicia sesión