Rules for the front and back-channel URIs.
Identity Authentication triggers a logout request to the front or back-channel URI.
The front and back-channel logout URI must be in the following format:
protocol://domain<:port>/<path><?query parameters>
For example: https://example.com:70/logout?abc=123.
When you construct the front and back-channel URIs, have the following in mind:
The length is limited to 499 characters.
-
Protocols - Use the HTTPS protocol. The HTTP protocol is only allowed for localhost.
-
Localhost - It's allowed in the domain part.
-
Wildcard - It's allowed in the domain part. Wildcards are only supported in front-channel flows. Although there's no restriction on using wildcards with single tenant apps, the use of wildcards was developed with multitenant applications in mind.
https://*.example.com/logout
Allow during authorize call to register a URI with parameter
logout_uri, for example:https://app1.example.com/logout. -
IP Addresses - Usage of IP addresses isn't allowed.
After the domain part, you can put the port numbers. Always use a leading colon (:).
Usage of fragment identifier (
#) isn't allowed. For example, you can't usehttps://example.com/path#index.html.
Related Information
Redirect URIs, Post Logout Redirect URI Rules
Token Policy Configuration for Applications