Hi,
I am using Java 11, Spring Security 5.5.0, and OpenSAML 4.4.1 to implement a SAML framework on the server side. I’ve gone this route to hopefully support more than one type of IdP based on customer preference. At the moment I am not using any Okta library or Javascript components to build the current implementation.
In my development testing, I do not have any trouble successfully completing the login sequence with an Okta developer account or a few other IdPs. What I am having issues with is the logout. My intent is to perform an application session logout for the user, and not the full SLO, so that if the user is logged into other applications by way of Okta authentication those will still work.
I have found a couple of short discussions on using this API call:
https://{my okta domain}/login/signout?fromURI={application’s landing url}
When used as a URL standalone, this works fine in a browser tab after logging into my application via Okta. However, when I programmatically redirect to this URL within the application, I am getting a CORS error:
Access to XMLHttpRequest at ‘https://{my okta domain}/login/signout?fromURI=https%3A%2F%2Flocalhost%3A8081%2Fadmin%2F’ from origin ‘https://localhost:8081’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
I have added my base URL (https://localhost:8081) as a trusted origin with the CORS and Redirect options selected, with no change in the result. I also added the javascript test (e.g. Enable CORS | Okta Developer) in my client and it outputs “Invalid URL or Cross-Origin Request Blocked…” and to add my URL as a trusted origin, which I have already done.
From that message I am assuming that this Okta server endpoint is not configured for CORS. At this point I am out of ideas and could use some suggestions on how I should perform a non-SLO logout. Or is it even possible?
Thanks,
James
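The following is an added example, not code from the original post or from Okta or Spring. It shows one way to do the application-only logout described above with Spring Security 5.5: the local session is invalidated by the standard logout handlers and the browser is then redirected, as a top-level navigation, to the /login/signout endpoint with a percent-encoded fromURI. The Okta org URL, the landing URL, the class names and the /logout path are assumptions for illustration.

```java
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

/**
 * Ends only the application session, then sends the browser to Okta's
 * /login/signout endpoint. No SAML LogoutRequest is sent to the IdP, so the
 * user's Okta session (and other Okta-backed applications) are left alone.
 * Hypothetical class; values are placeholders supplied by configuration.
 */
public class OktaLocalLogoutSuccessHandler implements LogoutSuccessHandler {

    private final String oktaBaseUrl;  // e.g. https://{my okta domain} (placeholder)
    private final String landingUrl;   // where Okta should send the browser afterwards

    public OktaLocalLogoutSuccessHandler(String oktaBaseUrl, String landingUrl) {
        this.oktaBaseUrl = oktaBaseUrl;
        this.landingUrl = landingUrl;
    }

    /**
     * Builds https://{okta}/login/signout?fromURI=... with the landing URL
     * fully percent-encoded (':' -> %3A, '/' -> %2F), matching the form shown
     * in the error message above.
     */
    public String buildSignoutUrl() {
        return oktaBaseUrl + "/login/signout?fromURI="
                + URLEncoder.encode(landingUrl, StandardCharsets.UTF_8);
    }

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
                                Authentication authentication) throws IOException {
        // By the time this runs, LogoutFilter has already executed
        // SecurityContextLogoutHandler: the HttpSession is invalidated and the
        // SecurityContext cleared. Only the browser-side hop to Okta remains.
        response.setHeader("Cache-Control", "no-store");
        response.sendRedirect(buildSignoutUrl());  // 302 to Okta, followed by the browser itself
    }
}

/** Wires the handler into the logout flow (assumed configuration, 5.5-style). */
@EnableWebSecurity
class LogoutSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.logout(logout -> logout
                .logoutUrl("/logout")             // POST from a normal HTML form (CSRF token included)
                .invalidateHttpSession(true)      // application session only
                .deleteCookies("JSESSIONID")
                .logoutSuccessHandler(new OktaLocalLogoutSuccessHandler(
                        "https://example.okta.com",        // placeholder org URL
                        "https://localhost:8081/admin/")));  // placeholder landing URL
    }
}
```

The part that matters for the CORS error is how the browser reaches /logout. If the client triggers logout with fetch() or XMLHttpRequest, the browser follows the 302 to Okta inside that same XHR, and because the signout endpoint does not return Access-Control-Allow-Origin, the browser reports exactly the blocked-by-CORS message quoted above. A plain HTML form submit or a `window.location` assignment to /logout makes the whole chain a top-level navigation, to which CORS does not apply, which is why the same URL worked when pasted into a browser tab.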