AM 7.3.1

OIDC user sessions

Logging in to the OpenID provider and obtaining tokens are established processes in the OpenID specification; however, keeping the relying party informed of the session’s validity is not as straightforward. The end user’s session in AM is unavailable to the relying party. The only information the relying party has is the expiration time of the ID token, which might be undesirable.

To solve this problem, AM supports the following OIDC specifications:

OIDC session management

Relying parties can request session information from AM and act on it.
OIDC backchannel logout

AM notifies relying parties when a user session becomes invalid.
Copyright © 2010-2024 ForgeRock, all rights reserved.