Differences

This shows you the differences between two versions of the page.

--- devel:documentation:security:dev:security [2023/12/01 13:12]
chalupat [OIDC authentication]
+++ devel:documentation:security:dev:security [2023/12/01 16:15]
chalupat [Single logout flow from IDM]
@@ Line 219: / Line 219: @@
 @since 13.1.0
-This feature is disabled by default. If you want to enable it, see configuration properties [[this>wiki.czechidm.com/devel/documentation/application_configuration/dev/backend#oidc_authentication|application]]
+This feature is disabled by default. If you want to enable it, see configuration properties [[this>devel/documentation/application_configuration/dev/backend#oidc_authentication|application]]
 CAS Service for OIDC configuration:
@@ Line 244: / Line 244: @@
-==== The authentication flow from front  ====
+==== The authentication flow from front ====
-{{  .:oidc_auth.png?nolink&1490x975  }}
+{{  .:oidc_1.png?nolink&1061x612  }}
 ) User isn't authenticated so frotend redirects user to api endpoint for OIDC login.
@@ Line 261: / Line 261: @@
 ) IDM redirects to front with CIDMST
 ==== The authentication flow from external application (hub, ...) ====
-{{  .:oicd_external_auth.png?nolink&732x926  }}
+{{  .:oidc2_1.png?nolink&889x698  }}
 ) Authentication happens on external application
@@ Line 273: / Line 274: @@
 ) If user has access to resource returns it
+==== Single logout flow from IDM ====
+{{  .:oidc3_1.png?nolink&881x369  }}
+) User clicks on logout button so front redirects him to api endpoint for OIDC logout.
+) IDM redirect him to logout endpoint on OIDC provider
+) OIDC provider calls IMD and IDM invalidates all tokens with SID (from JWT token)