Hello,


I have an Azure AD setup for SSO on my personal environment. I'm trying to have a session logout for one of my application, that I enabled using the Factory Configuration component from forge. 


I tested the session logout config without the Azure AD SSO(using Outsystems default login) and it works well. But when I switch to Azure AD, the system does not log me out. I suspect this is because of the tokens issued by Azure, that have a default value of 1 hour, but I tested it and the app is still not logged out after an hour. Can anyone explain what I might be doing wrong? I also have the "remember login" set to false.


Thanks,

Junaid

did you config the logout properly one the config in OS? did you use the action to do the logout? did you check the log of the error when you try to logout? 

Junaid Jalal wrote:

Hello,


I have an Azure AD setup for SSO on my personal environment. I'm trying to have a session logout for one of my application, that I enabled using the Factory Configuration component from forge. 


I tested the session logout config without the Azure AD SSO(using Outsystems default login) and it works well. But when I switch to Azure AD, the system does not log me out. I suspect this is because of the tokens issued by Azure, that have a default value of 1 hour, but I tested it and the app is still not logged out after an hour. Can anyone explain what I might be doing wrong? I also have the "remember login" set to false.


Thanks,

Junaid


Did you manage to solve the problem?

Solution

Carlos Lessa wrote:

Junaid Jalal wrote:

Hello,


I have an Azure AD setup for SSO on my personal environment. I'm trying to have a session logout for one of my application, that I enabled using the Factory Configuration component from forge. 


I tested the session logout config without the Azure AD SSO(using Outsystems default login) and it works well. But when I switch to Azure AD, the system does not log me out. I suspect this is because of the tokens issued by Azure, that have a default value of 1 hour, but I tested it and the app is still not logged out after an hour. Can anyone explain what I might be doing wrong? I also have the "remember login" set to false.


Thanks,

Junaid


Did you manage to solve the problem?

Hi Carlos,

I was able to solve this by explicitly adding an idle time counter Javascript and calling the logout flow through a hidden button. The issue was with Azure, where it re-issued token if the request was from same client, even after an hour. 


To avoid going into the no-permission flow and re-issuing of token, the javascript explicitly calls the logout action.




Solution