Logout redirects back to SSO and immediately re-authenticates #381

@nadaverell

When a user clicks logout in Radar (OIDC mode), the session cookie is cleared but the browser still has an active SSO session with the identity provider. The next request triggers the OIDC flow again, and the IdP silently re-authenticates — so the user ends up logged right back in.

Expected: User is actually logged out and sees a login prompt.

Options to investigate:

  • Redirect to the IdP's logout/end-session endpoint (OpenID Connect RP-Initiated Logout) before clearing the Radar session
  • Support end_session_endpoint from the IdP's OIDC discovery document
  • Show a "you have been logged out" interstitial page instead of redirecting back to the app root
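The first two options listed in the issue, sketched as an added example (not Radar's code, and not from the issue author): it reads `end_session_endpoint` from a discovery document and builds the RP-Initiated Logout redirect, returning a sentinel error when the IdP advertises no usable endpoint so the caller can fall back to the interstitial page. The function name `LogoutURL`, the host names, the client ID and the token value are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// discovery holds the one field of the OIDC discovery document used here.
type discovery struct {
	EndSessionEndpoint string `json:"end_session_endpoint"`
}

// ErrNoEndSession tells the caller to show a local "logged out" page instead.
var ErrNoEndSession = errors.New("IdP advertises no usable end_session_endpoint")

// LogoutURL (hypothetical helper) builds the RP-Initiated Logout redirect.
// postLogoutURI must match a value registered with the IdP for this client.
func LogoutURL(discoveryJSON []byte, idToken, clientID, postLogoutURI, state string) (string, error) {
	var d discovery
	if err := json.Unmarshal(discoveryJSON, &d); err != nil {
		return "", fmt.Errorf("parse discovery: %w", err)
	}
	u, err := url.Parse(d.EndSessionEndpoint)
	if d.EndSessionEndpoint == "" || err != nil || u.Scheme != "https" || u.Host == "" {
		return "", ErrNoEndSession
	}
	q := u.Query() // keep any query component already present in the endpoint
	if idToken != "" {
		q.Set("id_token_hint", idToken) // lets the IdP identify the session to end
	}
	q.Set("client_id", clientID)
	q.Set("post_logout_redirect_uri", postLogoutURI)
	q.Set("state", state) // echoed back by the IdP; verify it on return
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	// Constructed discovery documents, one with and one without the endpoint.
	doc := []byte(`{"issuer":"https://idp.example.test","end_session_endpoint":"https://idp.example.test/logout"}`)
	u, err := LogoutURL(doc, "constructed.id.token", "radar", "https://radar.example.test/logged-out", "s3")
	fmt.Println(u, err)
	_, err = LogoutURL([]byte(`{"issuer":"https://idp.example.test"}`), "", "radar", "https://radar.example.test/logged-out", "s3")
	fmt.Println(err)
}
```

The ID token has to be retained server-side with the session for `id_token_hint` to be available at logout time.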
