After moving to auth with a central OIDC service we noticed that any local 2FA session does not get properly terminated during logout. The workaround we have in place for OpenID 2.0 breaks the session termination because we cannot log out remotely and return to the logout page.
We should rework the logout to handle everything locally first for OIDC and finally log out remotely.
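One way to order the steps proposed above, as an added example that is not this project's code: the session is modelled as a plain dict, and the key names (`oidc_id_token`, `2fa_verified`, `logout_state`) and URLs are assumptions. The query parameters are those defined by OpenID Connect RP-Initiated Logout 1.0.

```python
import secrets
from urllib.parse import urlencode


def start_logout(session, end_session_endpoint, post_logout_redirect_uri):
    """Terminate all local state, then return the URL to redirect the browser to."""
    # Keep only what the remote step needs before wiping the session.
    id_token = session.get("oidc_id_token")  # assumed key name

    # Local first: clearing everything drops the login and any 2FA markers,
    # so a failed or abandoned remote logout cannot leave them behind.
    session.clear()

    if id_token is None:
        # No OIDC login to end remotely; go straight to the logout page.
        return post_logout_redirect_uri

    # One-time value to recognise the provider's redirect back to us.
    state = secrets.token_urlsafe(16)
    session["logout_state"] = state

    query = urlencode({
        "id_token_hint": id_token,
        "post_logout_redirect_uri": post_logout_redirect_uri,
        "state": state,
    })
    return f"{end_session_endpoint}?{query}"


def finish_logout(session, returned_state):
    """Called on the logout page; True if the return matches our request."""
    expected = session.pop("logout_state", None)  # single use
    if expected is None or returned_state is None:
        return False
    return secrets.compare_digest(expected.encode(), returned_state.encode())


if __name__ == "__main__":
    # Constructed sample session and URLs.
    s = {"user_id": 7, "2fa_verified": True, "oidc_id_token": "eyJ.constructed.token"}
    print(start_logout(s, "https://idp.example/logout", "https://app.example/logged-out"))
    print(s)  # only the one-time logout_state remains
```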