From 17eb445323a7374e8570e162f79916150b6311cf Mon Sep 17 00:00:00 2001
From: clokep <clokep@users.noreply.github.com>
Date: Mon, 31 Oct 2022 17:08:23 +0000
Subject: deploy: cc3a52b33df72bb4230367536b924a6d1f510d36

---
 develop/usage/configuration/config_documentation.html | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'develop/usage/configuration/config_documentation.html')

diff --git a/develop/usage/configuration/config_documentation.html b/develop/usage/configuration/config_documentation.html
index 47729d8a29..2d8b8db2a5 100644
--- a/develop/usage/configuration/config_documentation.html
+++ b/develop/usage/configuration/config_documentation.html
@@ -2667,6 +2667,17 @@ without modifications.</p>
 which is set to the claims returned by the UserInfo Endpoint and/or
 in the ID Token.</p>
 </li>
+<li>
+<p><code>backchannel_logout_enabled</code>: set to <code>true</code> to process OIDC Back-Channel Logout notifications. 
+Those notifications are expected to be received on <code>/_synapse/client/oidc/backchannel_logout</code>.
+Defaults to <code>false</code>.</p>
+</li>
+<li>
+<p><code>backchannel_logout_ignore_sub</code>: by default, the OIDC Back-Channel Logout feature checks that the
+<code>sub</code> claim matches the subject claim received during login. This check can be disabled by setting
+this to <code>true</code>. Defaults to <code>false</code>.</p>
+<p>You might want to disable this if the <code>subject_claim</code> returned by the mapping provider is not <code>sub</code>.</p>
+</li>
 </ul>
 <p>It is possible to configure Synapse to only allow logins if certain attributes
 match particular values in the OIDC userinfo. The requirements can be listed under
-- 
cgit 1.5.1