Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
(Single) Logout
Goal
This guide shows how to configure the AWS app for a successful logout. For a full logout, there are actually two things needed:
- Invalidate the AWS load balancer session
- Invalidate the session on the identity provider
Depending on your identity provider, there might be no (OIDC) logout URL. Thus, in this case, single log out will not work because when the AWS load balancer session gets invalidated, it will redirect back to the identity provider that still has a valid session.
Since (single) logout is not part of the OIDC specification yet, identity providers have freedom in the implementation. We include known logout URLs with this tutorial.
As of now, we know that Azure and Ping Identity should work. Amazon Cognito and ADFS may also work.
If you have questions, please contact us at https://www.resolution.de/go/support or book a free meeting via https://www.resolution.de/go/calendly.
Prerequisites
- You have app version 2.1 installed.
- Your identity provider offers an OIDC logout endpoint.
Guide
- Go to the AWS ALB & Amazon Cognito Authentication configuration.
- Scroll down to the Logout Settings:
- enable Delete ALB Session Cookie on Logout:
This invalidates the ALB session cookie and ends the ALB session. enable Redirect Users After Logout:
When activated, users are redirected to this URL on logout. This must be the OIDC logout endpoint for your identity provider.
Please find a table with logout urls below. You may need to adjust the url to your needs:Identity Provider Logout Url Azure https://login.microsoftonline.com/ <Your Tenant Id>/oauth2/v2.0/logout
ADFS https://<your adfs URL>/adfs/oauth2/logout Amazon Cognito https://<your cognito>.amazoncognito.com/logout?client_id=<your client id from Cognito> Ping Identity https://<Ping Identity Url>/idp/startSLO.ping?id_token_hint=id_token_issued_to_client
Other identity providers may also work. Please contact us at https://www.resolution.de/go/support if you use an identity provider that is not on this list.
- enable Delete ALB Session Cookie on Logout:
- Save your configuration.