单一注销可用于OpenID Connect吗? [英] Is the Single Logout available for OpenID Connect?

问题描述

根据我所做的研究，我相信ADFS(2016)支持OpenID Connect会话管理.但是我找不到我们已安装的ADFS 2016服务器的end_session_endpoint.我在Azure( https://login.windows.net/contoso.com/.well-known/openid-configuration )，则此端点为 https://login.microsoftonline.com/[tenant]/oauth2/v2.0/logout .但是不幸的是，我们在安装中没有看到类似的端点.例如，我们有授权端点，令牌端点，用户端点等，但没有这一点.

Based on the research I did, I believe ADFS (2016) is supporting OpenID Connect Session Management. But I could not find the end_session_endpoint of our installed ADFS 2016 server. I found that in Azure (https://login.windows.net/contoso.com/.well-known/openid-configuration) we have this endpoint as https://login.microsoftonline.com/[tenant]/oauth2/v2.0/logout. But unfortunately we don't see a similar endpoint in our installation. We have for example authorisation endpoint, token endpoint, user endpoint etc, but not this one.

我们是否必须使用其他配置启用此功能，否则ADFS 2016在独立安装中不支持此功能吗?

Do we have to enable this with a different configuration or ADFS 2016 doesn't support this in the standalone installation ?

感谢您的帮助.

推荐答案

即使是这样，我也不认为:会话管理规范尚未最终确定(这是实施者的草案)，实际上，替代方案已经被采用.建议，并且很难确保它可与任意RP配合使用.

I don't think it does and even if it did: the Session Management specification is not finalized (it is an implementer's draft), in fact alternatives have been proposed, and it would be hard to ensure that it works against arbitrary RPs.

这篇关于单一注销可用于OpenID Connect吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！