Hi Farasath, Thank you very much for the info, you nailed it. One thing to add for anyone wanting to provide OpenID logout with redirection is that the id_token had to be signed, otherwise IS fails to validate the token.
Regards, Javier From: Farasath Ahamed [mailto:[email protected]] Sent: Friday, June 23, 2017 4:56 AM To: Vazquez-Hidalgo, Javier Cc: [email protected] Subject: Re: [Dev] IS 5.3.0 - OpenID Connect Logout In order to redirect to application home page after logout, you can use the post_logout_redirect_uri and id_token_hint query parameters. URL Template would be https://localhost:9443/oidc/logout?post_logout_redirect_uri=<redirect-url>&id_token_hint=<id-token> Sample URL https://localhost:9443/oidc/logout?post_logout_redirect_uri=http://localhost:8080/playground2/&id_token_hint=eyJhbGciOiJSUzI1NiIsIng1dCI6Ik5tSm1PR1V4TXpabFlqTTJaRFJoTlRabFlUQTFZemRoWlRSaU9XRTBOV0kyTTJKbU9UYzFaQSIsImtpZCI6ImQwZWM1MTRhMzJiNmY4OGMwYWJkMTJhMjg0MDY5OWJkZDNkZWJhOWQifQ.eyJhdXRoX3RpbWUiOjE0OTUxNDE2MTEsImV4cCI6MTQ5NTE0NTIzOSwic3ViIjoiYWRtaW4iLCJhenAiOiI3THd6OE9vVmRSUGNhY1BfZjI0WEYxTWo4N3NhIiwiYXRfaGFzaCI6IlV5NzJrVHVQbHlrWkR4R0hhZzh5M0EiLCJhdWQiOlsiN0x3ejhPb1ZkUlBjYWNQX2YyNFhGMU1qODdzYSJdLCJpc3MiOiJodHRwczpcL1wvbG9jYWxob3N0Ojk0NDNcL29hdXRoMlwvdG9rZW4iLCJpYXQiOjE0OTUxNDE2Mzl9.cNzJ4Iu7cep1XJhj79uO6blpGIo0V8zDgLtn35pL9QV-zhQmgShuzvAt6gc8mRP6KIAlIOjGP2-OIKG52WNqRlWmEmlH7dPnvKAsRrxMLPu1cWrVsld9dqbhCxHTpa0vNrkMnUJ5v_wR_P495B-7dH5OKqG8MiR2qdoqA7h85mA Please note that this redirect_uri needs to one of the callback uris that you registered with the OAuth app. Multiple callback uris can be registered for OAuth using regexes as below. Refer [1] For example you have, callback uri --> https://localhost/callback redirect uri after logout --> https://localhost/home set the callback uri in SP config as regexp=(https://localhost/callback|https://localhost/home<https://localhost/callback|https:/localhost/home>) [1] https://omindu.wordpress.com/tag/multiple-callbacks/ Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com<http://wso2.com/> Mobile: +94777603866<tel:%2B94777603866> Blog: blog.farazath.com<http://blog.farazath.com> Twitter: @farazath619<https://twitter.com/farazath619> [http://c.content.wso2.com/signatures/wso2-signature-general.png]<http://wso2.com/signature> On Fri, Jun 23, 2017 at 4:58 AM, Vazquez-Hidalgo, Javier <[email protected]<mailto:[email protected]>> wrote: Hello, I have an application that acquires an access token for a user, then I logout the user by redirecting to https://idp_hostname:9443/oidc/logout. This flow is working and I get the screen below at (https://idp_hostname:9443/authenticationendpoint/oauth2_logout.do) [cid:[email protected]] My question is, how can I redirect the user back to my application? Is there a query parameter I can pass e.g. https://idp_hostname:9443/oidc/logout?redirectUrl=http://myapp/? Thanks, Javier Vazquez If you wish to unsubscribe from receiving commercial electronic messages from TD Bank Group, please click here<http://www.td.com/tdoptout> or go to the following web address: www.td.com/tdoptout<http://www.td.com/tdoptout> Si vous souhaitez vous désabonner des messages électroniques de nature commerciale envoyés par Groupe Banque TD veuillez cliquer ici<http://www.td.com/tddesab> ou vous rendre à l'adresse www.td.com/tddesab<http://www.td.com/tddesab> NOTICE: Confidential message which may be privileged. Unauthorized use/disclosure prohibited. If received in error, please go to www.td.com/legal<http://www.td.com/legal> for instructions. AVIS : Message confidentiel dont le contenu peut être privilégié. Utilisation/divulgation interdites sans permission. Si reçu par erreur, prière d'aller au www.td.com/francais/avis_juridique<http://www.td.com/francais/avis_juridique> pour des instructions. _______________________________________________ Dev mailing list [email protected]<mailto:[email protected]> http://wso2.org/cgi-bin/mailman/listinfo/dev
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
