How to use OIDC EndSession Endpoint

Follow

Version Affected:  All

Description:  

The OIDCEndSession Endpoint is used to allow the user to clear out our cookies. Optionally, you can use it to redirect the user back to the OpenID URL in order to get a fresh query string. 

This is very useful if you have multiple clients set up in your OpenID realm. 

 

Resolution:  

1. In your App, when the User hits Logout, redirect them to 

2. Https://youridp.example.com/secureauth123/oidcendsession.aspx?client_id=654321&post_logout_redirect_uri=https://www.example.com

  • replace youridp.example.com with the address of your idp.
  • replace secureauth123 with the correct realm number
  • replace client_id=654321 with the correct client id
  • replace https://www.example.com with the correct target url

3. The redirect uri used in the query above must exist in the Client Redirect URIs section of the post auth tab

mceclip0.png

 

Special Considerations :  

At this time, there is no hotfix for 9.2 so you have to use an older method.

Instead of supplying the Client_ID, you have to supply the ID_Token as id_token_hint

Eg:

https://localhost/secureauth16/oidcendsession.aspx?id_token_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZHAiOiJTZWN1cmVBdXRoMTYiLCJhdXRoX3RpbWUiOjE1OTM1Mjk5MzYsImFtciI6WyJwYXNzd29yZCIsImNsaWVudCJdLCJzdWIiOiJhd29vZCIsIkdyb3VwIj&post_logout_redirect_uri=https://www.example.com

Client_ID work in 9.1 Hotfix 42 and 19.07.01

 

SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.