Signout issue - SSO URL is not expiring even after logout
As per the comments in the above thread/issue, I am also putting this idea on the feedback website.
I did use the delegate option and am able to sign the user in programmatically by generating an SSO URL (generateSsoUrl). Now I have a problem with signing out: once the user tries to sign out from the Azure APIM Developer portal, Microsoft delegates the call to our custom authentication server, and we end the user's session and redirect them back to the base URL of the developer portal. Here the user sees the Sign-In option again.
However, if I paste the previous SSO URL (generateSsoUrl) into the browser, it allows the user to log in, which is a security violation.
Has anyone faced a similar issue? Please suggest.
Same issue for us.
Agnimitra Kumar Sinha commented
Hi, any updates on this?
We still have this security vulnerability, and cannot release our product due to this.