Logging out from Planon Cloud but not from IDP
If the Identity Provider in use does not support single logout, or the project team decides not to log the end user out at the Identity Provider, the following configuration steps should be followed.
The user is logged out of Planon and the Identity Broker solution and is redirected to another web page.
This makes logout only partly effective: the user appears to be logged out, but only visually. The sessions in Planon and the Identity Broker solution are ended, but the session at the IDP is not.
If the user visits Planon again within the SSO session timeout, the user is logged in again automatically.
In a Planon Cloud environment, a logout URL must be configured in System settings > Web application > Log off URL.
(Image: System Settings' Log off URL field)
The correct URL is the entityID mentioned in the metadata, followed by:
/protocol/openid-connect/logout?client_id=Planon&post_logout_redirect_uri=Customer chosen URL
Example
If no custom domain is configured:
https://customer-test.planoncloud.com/auth/realms/planon/protocol/openid-connect/logout?client_id=Planon&post_logout_redirect_uri=https://www.planonsoftware.com/
If a custom domain is configured (example custom domain is facilities.customer.com):
https://facilities.customer.com/auth/realms/planon/protocol/openid-connect/logout?client_id=Planon&post_logout_redirect_uri=https://www.planonsoftware.com/
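The following is an added example, not Planon's own code: it builds the Log off URL from the entityID as described above and checks a configured value before it is pasted into System settings. The function names, the https requirement on the redirect target and the intranet.example.com URL are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, parse_qs, quote

LOGOUT_PATH = "/protocol/openid-connect/logout"  # suffix given on the page
CLIENT_ID = "Planon"                              # client_id given on the page


def build_logoff_url(entity_id: str, redirect_url: str) -> str:
    """Return entityID + logout path + query, as the page describes."""
    # ':' and '/' stay literal so the result matches the page's examples;
    # '&', '?', '=' and '#' inside the redirect URL are percent-encoded so
    # they cannot be read as extra parameters of the logout request.
    encoded = quote(redirect_url, safe=":/")
    return (f"{entity_id.rstrip('/')}{LOGOUT_PATH}"
            f"?client_id={CLIENT_ID}&post_logout_redirect_uri={encoded}")


def check_logoff_url(url: str) -> list:
    """Return a list of problems found in a configured Log off URL."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("URL is not https")
    if not parts.path.endswith(LOGOUT_PATH):
        problems.append("path does not end with " + LOGOUT_PATH)
    query = parse_qs(parts.query, keep_blank_values=True)
    if query.get("client_id") != [CLIENT_ID]:
        problems.append("client_id must be exactly " + CLIENT_ID)
    redirect = query.get("post_logout_redirect_uri", [])
    if len(redirect) != 1 or not redirect[0]:
        problems.append("post_logout_redirect_uri missing or repeated")
    elif urlsplit(redirect[0]).scheme != "https":  # assumption: https only
        problems.append("post_logout_redirect_uri is not https")
    # A redirect URL with its own unencoded query string shows up here.
    extra = set(query) - {"client_id", "post_logout_redirect_uri"}
    if extra:
        problems.append("unexpected parameters: " + ", ".join(sorted(extra)))
    return problems


if __name__ == "__main__":
    entity = "https://customer-test.planoncloud.com/auth/realms/planon"
    # Constructed redirect target with its own query string.
    url = build_logoff_url(entity, "https://intranet.example.com/start?lang=en&site=hq")
    print(url)
    print(check_logoff_url(url) or "OK")
```

A redirect URL that carries its own query string and is pasted in unencoded is reported by the check as an unexpected parameter, because everything after its first `&` is parsed as part of the logout request rather than the redirect target.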