OpenID Backchannel Logout contains no Logout Token
I am trying to implement Single-Sign-Out procedure within my clients and Identity Provider (Identity Server 4). I managed to set correctly an Iframe page that gets rendered whenever a user logs out (either from the Identity Server itself or from a client). Such rendering triggers the call of the endsession endpoint, which is an internal mechanism of Identity Server that calls all the clients who have a BackChannelLogoutUri registered. My client receives the call from Identity Server (it's a POST call) but unfortunately the call is not authenticated.
This causes a redirect in my client due to a non authorized call. At the same time I cannot really debug what's happening in this endsession endpoint of Identity Server. Any tips by any chance on how to proceed?
You need to use [AllowAnonymous] attribute on your POST action for single sign out in your client application. The user in this case is validated not by cookie, but by the logout_token that Identity Server passes in the POST call.
- SSO Integration between 2 webapps using Cognito
- Verify Microsoft Access token on my ASP.NET Core Web API
- How to set Azure MSAL SSO for my Nextjs14 app using Approuter and next-auth
- StackOverflow with Keycloak as login provider returns empty email address
- IdentityServer4 and SSO
- Spring Boot + Security + MVC + LDAP AD + SSO
- Issue with Windows Authentication Type on IIS with Multiple Host Bindings
- Generate IDP Certificate in Azure AD for SSO
- Disqus SSO, "Your API key is not valid on this domain"
- Sign-in With Apple: Possibility To Create Duplicate Account Issue
- AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption
- MS Graph InteractiveBrowserCredential , Is a Client ID registered in Azure Portal really necessary?
- Logout from next-auth with keycloak provider not works
- How to validate access token from AzureAD in python?
- Outlook SSO NAA in pure JS without node.js
- How to create SSO from Liferay to another portal / service?
- How to add ForceAuthn flag on AWS cognito
- Download file from TeamCity with SSO using bash
- Obtain token programatically to go see a page with ASP.NET application
- Which is the best sample/approach to start openiddict server to provide logins to wordpress?
- No Sustainsys.Saml2 for MVC 3? Are there any alternatives?
- Which lib to create an Identity provider to connect to service provider
- The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used
- Best way to implement Single-Sign-On with all major providers?
- Azure AD token for accessing Graph token
- Integration of SSO using MSAL in Angular project gets 401 returned error after login
- Simple way to put AWS Lambda app behind SAML authentication
- Why wouldn't the IdP initiate contact with the SP in a SAML 2.0 SSO integration?
- Log out from SSO kerberos
- Getting TypeError: client_secret_basic client authentication method requires a client_secret