Configure single logout (SLO) in OpenID Connect (OIDC) authentication for applications running on SAP BTP, Neo environment. Ensure seamless logout functionality for all applications deployed on this subaccount.
- You have an Identity Authentication tenant you've configured for OIDC authentication with your Neo subaccount. See OpenID Connect (OIDC) Authentication.
- In your Neo subaccount, you have a deployed application using OIDC Authorizaton Code Flow. See (Identity Authentication documentation) Using Authorization Code Flow.
- In your Neo subaccount, you have configured OIDC authentication. See OpenID Connect (OIDC) Authentication.
On the Identity Authentication tenant side, you need to configure a set of URIs that will corespond to the logout URIs of the applications deployed in you Neo subaccount.
-
Open the Administration Console of the Identity Authentication tenant.
-
In the Applications & Resources dropdown menu, navigate to Applications.
-
From the list of applications select the application representing your subaccount's OIDC configuration.
The application created for your subaccount's OIDC configuration has the following name:
SAP BTP Neo OIDC Application - <subaccount> -
On the right click on the OpenID Connect Configuration.
-
From here you can add the following URIs for SLO with your Neo applications:
Redirect URIs- The redirection URIs to which the response can be sentFront-Channel Logout URIs- These URIs are where the service will trigger logout when session endsPost Logout Redirect URIs
For more information about configuring these URIs, see:
- Configure OpenID Connect Application for Authorization Code Flow
- Redirect URIs, Post Logout Redirect URI Rules
Back-Channel Logout URIsare not supported for this SLO scenario. -
Click the Save button in the top right corner.