Hello,
I have an application (lets say A) which relies on an application (lets say B) that is behind ISVA.
After authentication user lands back on application A and it also has a 'logout' link to logout the user session.
Issue - Since App A does not call ISVA's logout, session on Application B stays alive. Now when App A calls ISVA's /pkmslogout it is not essentially terminating the session at B. We have enabled the CORS to allow cross domain call. CORS setting is as below.
[cors-policy:MY_CORS]
request-match = GET /pkmslogout*
handle-pre-flight = true
allow-origin = https://ApplicationA.com:443
allow-credentials = true
allow-header =
allow-method = GET
allow-method = OPTIONS
max-age = -1
expose-header =
Can someone suggest what could be going wrong.