Invoking the logout endpoint for OpenID Connect
A client uses the logout endpoint to clear the provider-side session and cookies for a web browser.
Before you begin
To completely clear a
single-sign-on browser session, ensure that a protected application accomplishes the following
tasks:
- Calls the HttpServletRequest.logout() method
- Redirects the browser to the logout endpoint
About this task
The logout endpoint accepts a GET request with no parameters and clears the provider-side session and cookies, if present.
Procedure
In a web browser, access the URL for the OpenID Connect logout endpoint.
The URL is https://server.example.com:443/oidc/endpoint/<provider_name>/logout.
A Liberty server with OpenID Connect enabled has access to the OpenID Connect logout endpoint at this URL.
Results
- Provider-issued cookies are removed, if present.
- A default logout page is displayed, or the browser is redirected to a custom logout page.
- If an exception occurs, a default exception page is displayed instead.