OpenID Backchannel Logout contains no Logout Token
I am trying to implement Single-Sign-Out procedure within my clients and Identity Provider (Identity Server 4). I managed to set correctly an Iframe page that gets rendered whenever a user logs out (either from the Identity Server itself or from a client). Such rendering triggers the call of the endsession endpoint, which is an internal mechanism of Identity Server that calls all the clients who have a BackChannelLogoutUri registered. My client receives the call from Identity Server (it's a POST call) but unfortunately the call is not authenticated.
This causes a redirect in my client due to a non authorized call. At the same time I cannot really debug what's happening in this endsession endpoint of Identity Server. Any tips by any chance on how to proceed?
You need to use [AllowAnonymous] attribute on your POST action for single sign out in your client application. The user in this case is validated not by cookie, but by the logout_token that Identity Server passes in the POST call.
- Math.Sin() gives incorrect value
- How to run my python script when the sunOS is start booting
- Express-session: not resetting cookie expiration on each request
- Getting a stack overflow exception when normalizing a vector
- Edit default summary function in R gives error for multiple variables
- What was a For loop? Why isn't it needed in R?
- How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
- Why are there two assignment operators, `<-` and `->` in R?
- lm()$assign: what is it?
- How to get the value of list(...) in R and S functions
- Design matrix for MLM from library(lme4) with fixed and random effects
- how to generate elements not included in my sample
- Create a matrix with gradually changing values without a for loop
- Emacs ESS and S-plus ( S+ ) 8.1 compatability
- How to lag date-index in a time-series in R?
- Nonlinear regression in R / S
- Calling R from S-Plus?