Support for OIDC Logout
Description
Environment
depends on
is related to
Activity
Henri Mikkonen March 22, 2024 at 1:11 PM
Documented the global configuration properties at and wired them to both OIDC.Logout and OIDC.Logout.MDDriven.
Henri Mikkonen March 22, 2024 at 11:58 AM
Included logout related attributes to the openid-configuration template:
end_session_endpoint
backchannel_logout_supported
backchannel_logout_session_supported
frontchannel_logout_supported
frontchannel_logout_session_supported
Henri Mikkonen March 22, 2024 at 11:47 AM
Allow logout token type header customization via shibboleth.oidc.logout.LogoutTokenTypeLookupStrategy.
Henri Mikkonen March 15, 2024 at 11:16 AM
Updated dynamic client registration to support the logout parameters:
post_logout_redirect_uris
frontchannel_logout_session_required
frontchannel_logout_uri
backchannel_logout_session_required
backchannel_logout_uri
Henri Mikkonen March 1, 2024 at 9:51 AM
Started the documentation at:
TODO:
wire and document the global properties
test and document the existing properties (e.g. idp.session.secondaryServiceIndex)
Even though the OIDC logout specs are still drafts, the [Certificate programme |https://openid.net/certification/testing/] is already [piloting the logout tests|https://openid.net/certification/logout_op_testing/]
The related specs (all drafts ATM):
https://openid.net/specs/openid-connect-session-1_0.html
https://openid.net/specs/openid-connect-frontchannel-1_0.html
https://openid.net/specs/openid-connect-backchannel-1_0.html
https://openid.net/specs/openid-connect-rpinitiated-1_0.html