[mitreid-connect] simple-web-app and OIDC : single logout

Justin Richer jricher at mit.edu
Mon Aug 17 12:23:25 EDT 2015


Yes, that is intentional. The web sessions between the two applications 
are different, and you don't want a single RP to be able to force a 
logout at the IdP. The OIDC Session Management spec (still in draft) 
does have a mechanism to let an RP request a logout at the IdP, but that 
has not yet been implemented in MITREid Connect.

  -- Justin

On 8/17/2015 10:02 AM, Zhanna Tsitkov wrote:
> Hi,
> While testing with the simple-web-app I’ve noticed that logout from the application does not cause the OIDC logout.  Was it intentional?  What are the recommendations how to implement single logout?
> Thanks,
> Zhanna
> _______________________________________________
> mitreid-connect mailing list
> mitreid-connect at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mitreid-connect



More information about the mitreid-connect mailing list